Megan Kline

AutoMigrate: A Framework for Developing Intelligent, Self-Managing Cloud Services with Maximum Availability

Cloud services are on-demand services provided to end-users over the Internet and hosted by cloud service providers. A cloud service consists of a set of interacting applications/processes running on one or more interconnected VMs. Organizations are increasingly using cloud services as a cost-effective means for outsourcing their IT departments. However, cloud service availability is not guaranteed by cloud service providers, especially in the event of anomalous circumstances that spontaneously disrupt availability including natural disasters, power failure, and cybersecurity attacks. In this paper, we propose a framework for developing intelligent systems that can monitor and migrate cloud services to maximize their availability in case of cloud disruption. The framework connects an autonomic computing agent to the cloud to automatically migrate cloud services based on anticipated cloud disruption. The autonomic agent employs a modular design to facilitate the incorporation of different techniques for deciding when to migrate cloud services, what cloud services to migrate, and where to migrate the selected cloud services. We incorporated a virtual machine selection algorithm for deciding what cloud services to migrate that maximizes the availability of high priority services during migration under time and network bandwidth constraints. We implemented the framework and conducted experiments to evaluate the performance of the underlying techniques. Based on the experiments, the use of this framework results in less down-time due to migration, thereby leading to reduced cloud service disruption.

Nomad: A Framework for Developing Mission-Critical Cloud-Based Applications

The practicality of existing techniques for processing encrypted data stored in untrusted cloud environments is a limiting factor in the adoption of cloud-based applications. Both public and private sector organizations are reluctant to push their data to the cloud due to strong requirements for security and privacy of their data. In particular, mission-critical defense applications used by governments do not tolerate any leakage of sensitive data. In this paper, we propose Nomad, a framework for developing mission-critical cloud-based applications. The framework is comprised of: 1) a homomorphism encryption-based service for processing encrypted data directly within the untrusted cloud infrastructure, and 2) a client service for encrypting and decrypting data within the trusted environment, and storing and retrieving these data to and from the cloud. Both services are equipped with GPU-based parallelization to accelerate the expensive homomorphic encryption operations. To evaluate the Nomad framework, we developed Call For Fire, amission-critical application which enables defense personnel to call for fire on targets. Due to the nature of the mission, this application requires guaranteed security. The experimental results highlight the performance enhancements of the GPU-based acceleration mechanism and the feasibility of the Nomad framework.

An Approach to Organizational Cybersecurity

Large organizations must plan for Cybersecurity throughout their entire network, taking into account network granularity and outside subcontractors. The United States Department of Defense (DoD) has large networked systems that span the globe, crossing multiple intra-organizational systems. This larger network includes Information Systems typical of enterprise networks, SCADA Systems monitoring critical infrastructure, newer Cyber-physical systems, and mobile networks. With increased connectivity within the DoD and to external organizations, Cybersecurity is seen as a critical organizational need. There is not currently a standard evaluation process to gauge whether various Cybersecurity technologies adequately meet the needs of either the DoD at large or the context of lower-tier organizations. We introduce the DoD-Centric and Independent Technology Evaluation Capability (DITEC), an enterprise-ready evaluation tool that offers a repeatable evaluation process, the ability to take prior product evaluations into account during the acquisition process, and tools to assist security non-experts in understanding which technologies meet their specific needs. This work describes DITEC and the Cyber-SCADA Evaluation Capability (C-SEC), an implementation of DITEC in a Cyber-Physical context.

Security in the Industrial Internet of Things - The C-SEC Approach

A revolutionary development in machine-to-machine communications, the “Internet of Things” (IoT) is often characterized as an evolution of Supervisory Control and Data Acquisition (SCADA) networks. SCADA networks have been used for machine-to-machine communication and controlling automated processes since before the widespread use of the Internet. The adoption of open internet protocols within these systems has created unforeseen security vulnerabilities. In this paper we detail the Cyber-SCADA Evaluation Capability (C-SEC), a US Department of Defense research effort aimed at securing SCADA networks. We also demonstrate how the C-SEC framework could enhance the security posture of the emerging IoT paradigm.

CallForFire: A Mission-Critical Cloud-Based Application Built Using the Nomad Framework

In this demo paper we describe CallForFire, a GIS-based mission-critical defense application that can be deployed in the cloud. CallForFire enables secure computation of enemy target locations and selection of firing assets. It is built using the Nomad framework, which enables the development of secure cloud-based applications. Our experimental results validate the feasibility of this application within the Nomad framework.

C-SEC (Cyber SCADA evaluation capability): Securing critical infrastructures

C-SEC (Cyber-SCADA Evaluation Capability) is a new technology developed to secure our nations critical infrastructures. C-SEC provides an evaluation software tool, laboratory testing and a framework that enables the proper and efficient evaluation of Cyber Security technologies for SCADA networks and its industrial components.

TMT: Technology Matching Tool for SCADA Network Security

With the increasing connectedness of traditionally isolated devices, such as those found in Supervisory Control and Data Acquisition (SCADA) networks, comes the increasingly complex challenge of providing appropriate cybersecurity controls. SCADA networks present a number of challenges in their differences from more traditional IT systems as they tend to prioritize availability over other concerns such as confidentiality or integrity. Identifying appropriate technologies to provide the necessary level of protection on Internet-facing SCADA networks is difficult not only because of these differences, but also the wide variety of products available. The Technology Matching Tool (TMT) was developed to assist users in determining appropriate, best-fit technologies for securing SCADA networks by empowering the user to define priorities for specific product feature sets as dictated by the specific environment to be protected. TMT has been developed into a web-based tool, giving the user a great deal of flexibility in defining cybersecurity priorities, as well as insight into suitable products or technology categories.

Towards Firmware Analysis of Industrial Internet of Things (IIoT) - Applying Symbolic Analysis to IIoT Firmware Vetting.

Embedded systems and Industrial Internet of Things (IIoT) devices are rapidly increasing in number and complexity. The subset IIoT refers to Internet of Things (IoT) devices that are used in manufacturing and industrial control systems actively being connected to larger networks and the public internet. As a result, cyber-physical attacks are becoming an increasingly common tactic employed to cause economic and physical damage. This work aims to perform near automated firmware analysis on embedded systems, Industrial Control Systems (focusing on Programmable Logic Controllers), Industrial Internet of Things devices, and other cyber-physical systems in search of malicious functionality. This paper explores the use of binary analysis tools such as angr, the cyber reasoning system (CRS) ’Mechanical Phish’, American Fuzzy Lop (AFL), as well as virtualization tools such as OpenPLC, firmadyne, and QEMU to uncover hidden vulnerabilities, find ways to mitigate those vulnerabilities, and enhance the security posture of the Industrial Internet of Things.