Patrick Hurley

Information-Theoretic Treatment of Sensor Data Collection: A Perspective on Processing and Communication Tradeoffs

In sensor networks, a device may operate on fuzzy inputs, thereby generating a result that possibly deviates from the reference datum in physical world being sensed. The extent of deviation (i.e., inaccuracy of data) and the time it takes to compute the output result (i.e., timeliness of data) depend on the number of orthogonal information elements processed from the sensed data. Due to the large dimensionality of input data, a sensor device may need to incur significant amounts of computation on a data and communication among with other devices to exchange pre-processed data. Since the sensor devices are often resource-constrained (i.e., have limited amount of processing cycles, memory sizes, and battery power), an important issue is the amount of computation and communication cycles a device can spend during data processing. The paper provides an information-theoretic discussion of the tradeoffs between the resources expended by a device to process its input data and the timeliness and accuracy of its output result. The goal is to provide quantitative methods of evaluating the tradeoffs, so that sensor devices can adapt their operations based on the resource availability.

An Uncrewed Aerial Vehicle Attack Scenario and Trustworthy Repair Architecture

With the growing ubiquity of uncrewed aerial vehicles (UAVs), mitigating emergent threats in such systems has become increasingly important. In this short paper, we discuss an indicative class of UAVs and a potential attack scenario in which a benign UAV completing a mission can be compromised by a malicious attacker with an antenna and a commodity computer with open-source ground station software. We attest to the relevance of such a scenario for both enterprise and defense applications. We describe a system architecture for resiliency and trustworthiness in the face of these attacks. Our system is based on the quantitative assessment of trust from domain-specific telemetry data and the application of program repair techniques to UAV flight plans. We conclude with a discussion of restoring trust in post-repair UAV mission integrity.

Metrics and measurement of trustworthy systems

Accurate measurement of the quality of systems is crucial to building trustworthy systems. Such a measurement indicates whether a system is working properly and meeting its requirements. Although security and dependability metrics are regarded as key metrics for measuring the quality of systems, they are not sufficient for measuring the quality of systems that are placed in a multi-domain environment including hardware, software, network, human factors, and physical environments. In order to embrace multidimensional aspects of the quality of a system, we introduce a trustworthiness metric framework that supports three key submetrics of trust, resilience, and agility, and propose an ontology-based framework with three corresponding sub-ontologies. We also discuss how the key metrics are related to the severity of threats and the quality of assessment tools. This work is part of the cyber defense effort conducted by the Trustworthy Systems Working Group (TSWG) under the Cyber Strategic Challenge Group (CSCG) of The Technical Cooperation Program (TTCP), which is an international cooperation organization for enhancing defense science and technology.

Trusted Software Repair for System Resiliency

We describe ongoing work to increase trust in resilient software systems. Automated software repair techniques promise to increase system resiliency, allowing missions to continue in the face of software defects. While a number of program repair approaches have been proposed, the most scalable and applicable of those techniques can be the most difficult to trust. Using approximate solutions to the oracle problem, we consider three approaches by which trust can be re-established in a post-repair system. Each approach learns or infers a different form of partial model of correct behavior from pre-repair observations; post-repair systems are evaluated with respect to those models. We focus on partial oracles modeled from external execution signals, derived from similar code fragment behavior, and inferred from invariant relations over local variables. We believe these three approaches can provide an expanded assessment of trust in a repaired, resilient system.

Continuous mission-oriented assessment (CMA) of assurance

This paper reports ongoing work on a novel mission-oriented information assurance (IA) assessment approach that contrasts runtime measurements and observations against user-specified requirements.

Trusted Mission Operation - Concept and Implementation

Small unmanned vehicles support many mission critical tasks. However, the provenance of these systems is usually not known, devices may be deployed in contested environments, and operators are often not computer system experts. Yet, the benefits of these systems outweigh the risks, and critical tasks and data are delegated to these systems without a sound basis for assessing trust. This paper describes an approach that can determine an operator’s trust in a mission system and applies continuous monitoring to indicate if the performance is within a trusted operating region. In an early prototype we (a) define a multi-dimensional trusted operating region for a given mission, (b) monitor the system in-mission, and (c) detect when anomalous effects put the mission at risk.

Cyber Security Resource Allocation: A Markov Decision Process Approach

An effective defense-in-depth in cyber security applies multiple layers of defense throughout a system. The goalis to defend a system against cyber-attack using severalindependent methods. Therefore, a cyber-attack that is able to penetrate one layer of defense may be unsuccessful in other layers. Common layers of cyber defense include: attack avoidance, prevention, detection, survivability and recovery. It follows that in security-conscious organizations, the cyber security investment portfolio is divided into different layers of defense. For instance, a two-way division is agility and recovery. Cyber agility pursues attack avoidance techniques such that cyber-attacks are rendered as ineffective, whereas cyber recovery seeks to fight-through successful attacks. We show that even when the primary focus is on the agility of a system, recovery should be an essential point during implementation because the frequency of attacks will degrade the system and a quick and fast recovery is necessary. However, there is not yet an optimum mechanism to allocate limited cyber security resourcesinto the different layers. We propose an approach using theMarkov Decision Process (MDP) framework for resourcesallocation between the two end layers: agility and recovery.

System impact characteristics of cyber services, security mechanisms, and attacks with implications in cyber system survivability

Three types of activities may run on computer and network systems at the same time: services, security mechanisms, and attacks. Computer and network systems should sustain legitimate cyber services even under attacks. In this study, system impacts of services, security mechanisms and attacks are investigated and used to develop strategies for system survivability. Experiments are conducted to collect system dynamics data under two services of voice communication and motion detection, two security mechanisms of data encryption and intrusion detection, and five cyber attacks. Statistical analyses are performed on the experimental data to identify system-wide impacts of services, security mechanisms and attacks on system activities, state and performance. The analytical results reveal the system impact characteristics of these services, security mechanisms, and attacks on IO and file operations and bytes, page and cache faults, memory usage, CPU usage, and network traffic. The competition for system resources by all the activities in the system manifests themselves predominantly in their competition for limited CPU time. This competition for limited CPU time can be used as a strategy to ensure system survivability by increasing the activity level of legitimate services to leave less CPU time for attacks and thus suppress the level and system impacts of attacks while sustaining CPU time for legitimate services.