
    Partha Pal

    Safety Case has become an integral component for safety-certification in various Cyber Physical System domains including automotive, aviation, medical devices, and military. The certification processes for these systems are stringent and require robust safety assurance arguments and substantial evidence backing. Despite the strict requirements, current practices still rely on manual methods that are brittle, do not have a systematic approach or thorough consideration of sound arguments. In addition, stringent certification requirements and ever-increasing system complexity make ad-hoc, manual assurance case generation (ACG) inefficient, time consuming, and expensive. To improve the current state of practice, we introduce a structured ACG tool which uses system design artifacts, accumulated evidence, and developer expertise to construct a safety case and evaluate it in an automated manner. We also illustrate the applicability of the ACG tool on a remote-control car testbed case study.
    A3 is an execution management environment that aims to make network-facing applications and services resilient against zero-day attacks. A3 recently underwent two adversarial evaluations of its defensive capabilities. In one, A3 defended an App Store used in a Capture the Flag (CTF) tournament, and in the other, a tactically relevant network service in a red team exercise. This paper describes the A3 defensive technologies evaluated, the evaluation results, and the broader lessons learned about evaluations for technologies that seek to protect critical systems from zero-day attacks.
    ... html>. 3. Zodgekar, Sameer A. Identity Theft: A High-Tech Menace. ICFAI University Press. Apr. 2008. 4. Mortbay.com. ... 2008 <www.privoxy.org/user-manual/index.html>. 11. Aladdin.com. “The eSafe Web Threat Analyzer Audit.” 2008 <www.aladdin.com/esafe/solutions/wta>. ...
    Providing Multiple Views for Objects by Means of Surrogates. Naftaly H. Minsky (minsky@cs.rutgers.edu), Partha Pratim Pal (partha@cs.rutgers.edu), Department of Computer Science, Rutgers University, New Brunswick, NJ 08903 USA. 1 Introduction ...
    Continuous quantitative assessment is critical for security, correctness, performance, and scalability in distributed information sharing environments. Current approaches to quantitative assessment suffer from a number of shortcomings including limited coverage, tight integration with functional code, and off-line evaluation, which limits their use for continuous assessment. In this article, we present Metrinome, a framework that enables remote monitoring and controlled experimentation. Metrinome provides (1) increased coverage over observables by virtue of ingesting fine-grained application logs, (2) reduced integration cost due to loose coupling with the monitored system and its ability to hook into existing logging infrastructures, and (3) real-time visualization of key metrics as well as export of collected metric sets for persistence and reporting.
    SUMMARY Applications that are part of a mission-critical information system need to maintain a usable level of key services through ongoing cyber-attacks. In addition to the well-publicized denial of service (DoS) attacks, these networked and distributed applications are increasingly threatened by sophisticated attacks that attempt to corrupt system components and violate service integrity. While various approaches have been explored to deal with the DoS attacks, corruption-inducing attacks remain largely unaddressed. We have developed a collection of mechanisms based on redundancy, Byzantine fault tolerance, and adaptive middleware that help distributed, object-based applications tolerate corruption-inducing attacks. In this paper, we present the ITUA architecture which integrates these mechanisms in a framework for auto-adaptive intrusion-tolerant systems, and describe our experience in using the technology to defend a critical application that is part of a larger avionics system...
    This paper presents an overview of the current state of cyber-security research and development (R&D), and a number of forward-looking thoughts focusing on the challenges the community is likely to encounter in the next few years. The research ideas are organized in two categories: the first describes ideas that have already taken root in the R&D community, whereas the second describes ideas that are more radical and require a significant departure from current practice.
    The threat of cyber-attacks is not limited to the boundary of information systems any longer. Safety and reliability of almost any system can be compromised by exploiting the vulnerabilities in the information systems that connect with or control them. Agile and ongoing manipulation of (redundant and diverse) system components, defense mechanisms and system resources is essential for surviving attacks and continuing operation. Cyber-defense administration—dynamic management of components, defense mechanisms and system resources—is therefore a current topic of significant interest to the dependability community. In this paper, we present our ongoing work on automated support for intelligent cyber-defense administration.
    Transport Layer Security (TLS) and its precursor Secure Sockets Layer (SSL) are the most widely deployed protocols to establish secure communication over insecure Internet Protocol (IP) networks. Providing a secure session layer on top of TCP, TLS is frequently the first defense layer encountered by adversaries who try to cause loss of confidentiality by sniffing live traffic or loss of integrity using man-in-the-middle attacks. Despite its wide deployment and evolution over the last 18 years, TLS remains vulnerable to a number of threats at the protocol layer and therefore does not provide strong security out-of-the-box, requiring tweaks to its configuration in order to provide the expected security benefits. This paper provides a summary of the current TLS threat surface together with a validated approach for minimizing the risk of TLS-compromise. The main contributions of this paper include 1) identification of configuration options that together maximize security guarantees in th...
    ... Partha Pal BBN Technologies ppal@bbn.com Paul Rubel BBN Technologies prubel@bbn.com ... A model of quarantine in cyber-defense. Technical Report ITUA Validation Report, Chapter 5, F30602-00-C-0172, BBN Technologies, 2004. [8] F. Webber, P. Pal, et al. ...
    ABSTRACT This paper presents a recently achieved incremental milestone on the long path toward more intelligently adaptive, automated and self-managed computer systems. We demonstrate the feasibility of integrated cyber-defense connecting anomaly detection and isolation mechanisms operating at different system layers with two complementary mediation policy adaptation techniques in service of automatic remediation against observed attacks and their future variants. We describe a number of experiments evaluating the relevance and effectiveness of the integrated cyber-defense operation.
    The same network infrastructure, that is essential for the operation of today's high valued distributed information systems, can also be misused by malicious attackers. Experience shows that implementing absolute security or completely preventing cyber attacks is infeasible when systems must be highly interconnected and are made of COTS components with unknown security characteristics. Therefore, focus is shifting towards making high
    ABSTRACT An increasing number of military systems are being developed using service orientation. Some of the features that make service orientation appealing, like loose coupling, dynamism and composition-oriented system construction, make securing service-based systems more complicated. We have been developing technologies for Advanced Protected Services (APS) to improve the resilience and survival of services under cyber attack. These technologies introduce a layer to absorb, contain, and adapt to cyber attacks before attacks reach critical services. This paper describes an evaluation of these advanced protection technologies using cooperative red teaming. In cooperative red teaming, an independent red team launches attacks on a protected enclave in order to evaluate the efficacy and efficiency of the protection technologies, but the red team is provided full knowledge of the system under test and its protections, and is given escalating levels of access to the system. The red team also operates within agreed upon rules of engagement designed to focus their effort on useful evaluation results. Apart from presenting the evaluation results, we also discuss cooperative red teaming as an effective means of evaluating cyber security.
