Roger Hallman

AutoMigrate: A Framework for Developing Intelligent, Self-Managing Cloud Services with Maximum Availability

Cloud services are on-demand services provided to end-users over the Internet and hosted by cloud service providers. A cloud service consists of a set of interacting applications/processes running on one or more interconnected VMs. Organizations are increasingly using cloud services as a cost-effective means for outsourcing their IT departments. However, cloud service availability is not guaranteed by cloud service providers, especially in the event of anomalous circumstances that spontaneously disrupt availability including natural disasters, power failure, and cybersecurity attacks. In this paper, we propose a framework for developing intelligent systems that can monitor and migrate cloud services to maximize their availability in case of cloud disruption. The framework connects an autonomic computing agent to the cloud to automatically migrate cloud services based on anticipated cloud disruption. The autonomic agent employs a modular design to facilitate the incorporation of different techniques for deciding when to migrate cloud services, what cloud services to migrate, and where to migrate the selected cloud services. We incorporated a virtual machine selection algorithm for deciding what cloud services to migrate that maximizes the availability of high priority services during migration under time and network bandwidth constraints. We implemented the framework and conducted experiments to evaluate the performance of the underlying techniques. Based on the experiments, the use of this framework results in less down-time due to migration, thereby leading to reduced cloud service disruption.

IoDDoS - The Internet of Distributed Denial of Sevice Attacks - A Case Study of the Mirai Malware and IoT-Based Botnets.

The Internet of Things (IoT), a platform and phenomenon allowing everything to process information and communicate data, is populated by ‘things’ which are introducing a multitude of new security vulnerabilities to the cyber-ecosystem. These vulnerable ‘things’ typically lack the ability to support security technologies due to the required lightweightness and a rush to market. There have recently been several high-profile Distributed Denial of Service (DDoS) attacks which utilized a botnet army of IoT devices. We first discuss challenges to cybersecurity in the IoT environment. We then examine the use of IoT botnets, the characteristics of the IoT cyber ecosystem that make it vulnerable to botnets, and make a deep dive into the recently discovered IoTbased Mirai botnet malware. Finally, we consider options to mitigate the risk of IoT devices being conscripted into a botnet army.

Nomad: A Framework for Developing Mission-Critical Cloud-Based Applications

The practicality of existing techniques for processing encrypted data stored in untrusted cloud environments is a limiting factor in the adoption of cloud-based applications. Both public and private sector organizations are reluctant to push their data to the cloud due to strong requirements for security and privacy of their data. In particular, mission-critical defense applications used by governments do not tolerate any leakage of sensitive data. In this paper, we propose Nomad, a framework for developing mission-critical cloud-based applications. The framework is comprised of: 1) a homomorphism encryption-based service for processing encrypted data directly within the untrusted cloud infrastructure, and 2) a client service for encrypting and decrypting data within the trusted environment, and storing and retrieving these data to and from the cloud. Both services are equipped with GPU-based parallelization to accelerate the expensive homomorphic encryption operations. To evaluate the Nomad framework, we developed Call For Fire, amission-critical application which enables defense personnel to call for fire on targets. Due to the nature of the mission, this application requires guaranteed security. The experimental results highlight the performance enhancements of the GPU-based acceleration mechanism and the feasibility of the Nomad framework.

An Approach to Organizational Cybersecurity

Large organizations must plan for Cybersecurity throughout their entire network, taking into account network granularity and outside subcontractors. The United States Department of Defense (DoD) has large networked systems that span the globe, crossing multiple intra-organizational systems. This larger network includes Information Systems typical of enterprise networks, SCADA Systems monitoring critical infrastructure, newer Cyber-physical systems, and mobile networks. With increased connectivity within the DoD and to external organizations, Cybersecurity is seen as a critical organizational need. There is not currently a standard evaluation process to gauge whether various Cybersecurity technologies adequately meet the needs of either the DoD at large or the context of lower-tier organizations. We introduce the DoD-Centric and Independent Technology Evaluation Capability (DITEC), an enterprise-ready evaluation tool that offers a repeatable evaluation process, the ability to take prior product evaluations into account during the acquisition process, and tools to assist security non-experts in understanding which technologies meet their specific needs. This work describes DITEC and the Cyber-SCADA Evaluation Capability (C-SEC), an implementation of DITEC in a Cyber-Physical context.

Security in the Industrial Internet of Things - The C-SEC Approach

A revolutionary development in machine-to-machine communications, the “Internet of Things” (IoT) is often characterized as an evolution of Supervisory Control and Data Acquisition (SCADA) networks. SCADA networks have been used for machine-to-machine communication and controlling automated processes since before the widespread use of the Internet. The adoption of open internet protocols within these systems has created unforeseen security vulnerabilities. In this paper we detail the Cyber-SCADA Evaluation Capability (C-SEC), a US Department of Defense research effort aimed at securing SCADA networks. We also demonstrate how the C-SEC framework could enhance the security posture of the emerging IoT paradigm.

CallForFire: A Mission-Critical Cloud-Based Application Built Using the Nomad Framework

In this demo paper we describe CallForFire, a GIS-based mission-critical defense application that can be deployed in the cloud. CallForFire enables secure computation of enemy target locations and selection of firing assets. It is built using the Nomad framework, which enables the development of secure cloud-based applications. Our experimental results validate the feasibility of this application within the Nomad framework.

TMT: Technology Matching Tool for SCADA Network Security

With the increasing connectedness of traditionally isolated devices, such as those found in Supervisory Control and Data Acquisition (SCADA) networks, comes the increasingly complex challenge of providing appropriate cybersecurity controls. SCADA networks present a number of challenges in their differences from more traditional IT systems as they tend to prioritize availability over other concerns such as confidentiality or integrity. Identifying appropriate technologies to provide the necessary level of protection on Internet-facing SCADA networks is difficult not only because of these differences, but also the wide variety of products available. The Technology Matching Tool (TMT) was developed to assist users in determining appropriate, best-fit technologies for securing SCADA networks by empowering the user to define priorities for specific product feature sets as dictated by the specific environment to be protected. TMT has been developed into a web-based tool, giving the user a great deal of flexibility in defining cybersecurity priorities, as well as insight into suitable products or technology categories.

Homomorphic Encryption for Secure Computation on Big Data.

With the ubiquity of mobile devices and the emergence of Internet of Things (IoT) technologies, most of our activities contribute to ever-growing data sets which are used for big data analytics for a variety of uses, from targeted advertising to making medical and financial judgments and beyond. Many individuals and organizations adopt this new big data paradigm without giving any consideration to privacy and security when they create this data and voluntarily give it up for aggregation. Data breaches have become such a common occurrence that it is easy to despair that concepts like privacy and security are antiquated and we should simply accept data leakage as a new normal. Homomorphic Encryption (HE) is a method of secure computation which allows for calculations to be made on encrypted data without decrypting it and without giving away information about the operations being done. While HE has historically been plagued by computational inefficiencies, the field is rapidly advancing to a point where it is efficient enough for practical use in limited settings. In this paper, we argue that, with sufficient investment, HE will become a practical tool for secure processing of big data sets.

An Approach to Botnet Malware Detection Using Nonparametric Bayesian Methods

Botnet malware, which infects Internet-connected devices and seizes control for a remote botmaster, is a long-standing threat to Internet-connected users and systems. Botnets are used to conduct DDoS attacks, distributed computing (e.g., mining bitcoins), spread electronic spam and malware, conduct cyberwarfare, conduct click-fraud scams, and steal personal user information. Current approaches to the detection and classification of botnet malware include syntactic, or signature-based, and semantic, or context-based, detection techniques. Both methods have shortcomings and botnets remain a persistent threat. In this paper, we propose a method of botnet detection using Nonparametric Bayesian Methods.