Science & Engineering of Cyber Security by Uncertainty Quantification and Rigorous Experimentation
Welcome to the SECURE Grand Challenge Laboratory Directed Research & Development Website. SECURE brings together a diverse group of experts in Emulytics, uncertainty quantification, data analysis, stochastic optimization, and operational cybersecurity to tackle an indisputable problem.
About SECURE Grand Challenge LDRD
Securing cyber systems is paramount, but cyber defenders lack the evidence-based techniques required to make high-consequence decisions. The 2016 Federal Cybersecurity R&D Strategic Plan states: “Most [cybersecurity] techniques are domain- and context-specific, often not validated as mathematically and empirically sound, and rarely consider efficacy and efficiency. Thus, the state of the practice consists of heuristic techniques, informal principles and models of presumed adversary behavior, and process-oriented metrics.” This plan emphasizes a need for evidence-based approaches to cybersecurity, which employ principled and rigorous measurements and models. These approaches provide a foundation for understanding the limitations on available data and measurability of cyber activities and for developing risk management strategies against malicious activities.
SECURE will discover and develop techniques for evidence-based cybersecurity, leveraging the cyber experimental foundation provided by Emulytics (a scalable, virtualized environment for modeling cyber systems) to produce quantitative knowledge concerning a target system, estimate cybersecurity risks, and identify defensive strategies. Specifically, this research will discover new methods to integrate Emulytics, uncertainty quantification and stochastic programming into workflows, enabling evidence-based risk assessment and risk mitigation. This research will develop robust analytic techniques that can accommodate sparse and missing data, heavy-tailed uncertainties, and limitations of Emulytic predictions. Thus, this project provides a step towards a science of cybersecurity.
SECURE will be built on three research elements:
- Emulytics to create detailed, quantitative knowledge concerning a target system
- Data analysis and uncertainty quantification (UQ) techniques that will use information from emulations to develop rigorous reduced-order models that capture key features of these systems
- Adversarial stochastic optimization that will analyze these reduced-order models to optimize cyber defenses, which will be validated and refined using Emulytics
Cybersecurity experimentation on live environments is costly, time-consuming, and disruptive (if not impossible). Thus, these tests provide sparse knowledge about complex cyber systems and limited ability to answer “what if” questions: “What is the best way to defend our network?” “In creating defenses, which attacks should concern us as being maximally disruptive to this system?” Consequently, enabling technologies for Emulytics in virtualized environments are beginning to coalesce to vastly improve our ability to develop, test, and deploy cybersecurity strategies. This capability enables an experimental approach to evidence-based cybersecurity, where computational experiments provide insight into the dynamics and interactions in a cyber system. In simple systems, results of these experiments can directly answer “what if” questions. In complex cyber systems, novel statistical methods for UQ are needed to understand complex interactions. Such statistical characterizations can then be used to explore alternative defense strategies.