S. Raj Rajagopalan

Smart meter privacy: A utility-privacy framework

End-user privacy in smart meter measurements is a well-known challenge in the smart grid. The solutions offered thus far have been tied to specific technologies such as batteries or assumptions on data usage. Existing solutions have also not quantified the loss of benefit (utility) that results from any such privacy-preserving approach. Using tools from information theory, a new framework is presented that abstracts both the privacy and the utility requirements of smart meter data. This leads to a novel privacy-utility tradeoff problem with minimal assumptions that is tractable. Specifically for a stationary Gaussian Markov model of the electricity load, it is shown that the optimal utility-and-privacy preserving solution requires filtering out frequency components that are low in power, and this approach appears to encompass most of the proposed privacy approaches.

Aggregating vulnerability metrics in enterprise networks using attack graphs

Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metrics in an enterprise network, producing quantitative metrics that measure the likelihood breaches can occur within a given network configuration. A clear semantic model for this aggregation is an important first step toward a comprehensive network security metric model. We utilize existing work in attack graphs and apply probabilistic reasoning to produce an aggregation that has clear semantics and sound computation. We ensure that shared dependencies between attack paths have a proportional effect on the final calculation. We correctly reason over cycles, ensuring that privileges are evaluated without any self-referencing effect. We introduce additional modeling artifacts in our probabilistic graphical model to capture and account for hidden correlations among exploit steps. The paper shows that a clear semantic model for aggregation is critical in interpreting the results, calibrating the metric model, and explaining insights gained from empirical evaluation. Our approach has been rigorously evaluated using a number of network models, as well as data from production systems.

A theory of utility and privacy of data sources

The problem of frequent private information “leakage” from the myriad large centralized searchable data repositories in use today drives the need for an analytical framework that quantifies unequivocally how safe private data can be (privacy) while still providing measurable benefit (utility) to multiple legitimate information consumers. Rate distortion theory is shown to be a natural choice to develop such a framework which includes modeling of data sources, developing application independent utility and privacy metrics, quantifying utility-privacy tradeoffs irrespective of the type of data sources or the methods of providing privacy, and developing a side-information model for dealing with questions of external knowledge.

An Anthropological Approach to Studying CSIRTs

The ethnographic method of participant observation can help researchers better understand the challenges computer security incident response teams face by illuminating underlying assumptions and tacit practices that shape how tools are actually used in different contexts.

An information-theoretic approach to privacy

Ensuring the usefulness of electronic data sources while providing necessary privacy guarantees is an important unsolved problem. This problem drives the need for an overarching analytical framework that can quantify the safety of personally identifiable information (privacy) while still providing a quantifable benefit (utility) to multiple legitimate information consumers. State of the art approaches have predominantly focused on privacy. This paper presents the first information-theoretic approach that promises an analytical model guaranteeing tight bounds of how much utility is possible for a given level of privacy and vice-versa.

Utility and privacy of data sources: Can Shannon help conceal and reveal information?

The problem of private information “leakage” (inadvertently or by malicious design) from the myriad large centralized searchable data repositories drives the need for an analytical framework that quantifies unequivocally how safe private data can be (privacy) while still providing useful benefit (utility) to multiple legitimate information consumers. Rate distortion theory is shown to be a natural choice to develop such a framework which includes the following: modeling of data sources, developing application independent utility and privacy metrics, quantifying utility-privacy tradeoffs irrespective of the type of data sources or the methods of providing privacy, developing a side-information model for dealing with questions of external knowledge, and studying a successive disclosure problem for multiple query data sources.

Hive oversight for network intrusion early warning using DIAMoND: a bee-inspired method for fully distributed cyber defense

Social insect colonies have survived over evolutionary time in part due to the success of their collaborative methods: using local information and distributed decision making algorithms to detect and exploit critical resources in their environment. These methods have the unusual and useful ability to detect anomalies rapidly, with very little memory, and using only very local information. Our research investigates the potential for a self-organizing anomaly detection system inspired by those observed naturally in colonies of honey bees. We provide a summary of findings from a recently presented algorithm for a nonparametric, fully distributed coordination framework that translates the biological success of these methods into analogous operations for use in cyber defense and discuss the features that inspired this translation. We explore the impacts on detection performance of the defined range of distributed communication for each node and of involving only a small percentage of total nodes in the network in the distributed detection communication. We evaluate our algorithm using a software-based testing implementation, and demonstrate up to 20 percent improvement in detection capability over parallel isolated anomaly detectors.

Secure RTOS Architecture for Building Automation

Building Automation System (BAS) is a computer-based control system that is widely installed in office buildings and laboratories for monitoring and controlling mechanical/electrical equipment. With the advancements in Cyber-Physical System (CPS) and Internet of Things (IoTs), BAS is in the process of becoming more intelligent by merging computing resources and network communication with physical control. Along with potential benefits, it also brings tremendous risks of security breaches and safety violations, especially when it comes to Programmable Logic Controllers (PLCs). In this paper, we systematically analyze biocontainment laboratory control models based on real case scenarios from Biosecurity Research Institute (BRI) at Kansas State University. We present a vision for a new secure Real-Time Operating System (RTOS) architecture, which leverages various technologies, including microkernel structure, Trusted Platform Module (TPM), proxy-based policy enforcement, and formal verification. The secure RTOS architecture is designed specifically to work with embedded controllers which are widely used in BAS and other CPS to achieve a highly secure and trustworthy control system.

DIAMoND: Distributed Intrusion/Anomaly Monitoring for Nonparametric Detection

In this paper, we describe a fully nonparametric, scalable, distributed detection algorithm for intrusion/anomaly detection in networks. We discuss how this approach addresses a growing trend in distributed attacks while also providing solutions to problems commonly associated with distributed detection systems. We explore the impacts to detection performance from network topology, from the defined range of distributed communication for each node, and from involving only a small percent of total nodes in the network in the distributed detection communication. We evaluate our algorithm using a software-based testing implementation, and demonstrate up to 20% improvement in detection capability over parallel, isolated anomaly detectors for both stealthy port scans and DDoS attacks.

The Human Capital Model for Security Research: New Insights into Technology Transition

As a security researcher, have you ever wondered how much of security research that is done and presented at research conferences is ever used by practitioners or is incorporated into products? Four years ago we formed a team with diverse backgrounds and embarked on a systematic study on the question of which technological solutions would security practitioners actually use if we built them. To carry this out program, we embedded our students who worked inside several Security Operation Centers (SOCs) both in universities and corporations, to learn how security solutions get used in reality. Previous efforts at improving the efficiency of SOCs have emphasized building tools for analysts or understanding the human and organizational factors involved, but they have not significantly changed the status quo -- solutions are built or bought but seldom used. This was because these efforts did not view these solutions from multiple contextual perspectives of the local participants, the analysts and their managers. After some initial failures, we realized that this kind of study is beyond the reach of conventional Computer Science approaches, so we worked with a Professor in Socio-cultural Anthropology to get a fresh look at the problem and get a new set of tools to use in our research. In our 4-year project we have used Anthropological fieldwork methods to study SOCs and in the process uncovered inherent contradictions between the multiple objectives a SOC has to meet as an organization and the conflicts between the goals of the human participants. This discovery was guided by Activity Theory, a theory proposed by the famous Social Scientist Y. Engestrom [1], which provides a framework for analyzing such kinds of fieldwork data. We discovered that successful SOC innovations must continually resolve the extant conflicts to be effective in improving operational efficiency. Our analysis provides evidence of the importance of conflict resolution as a prerequisite for operations improvement, both process and technological. It also enabled us to understand the fundamental challenge in security research, namely, why some innovations work well in SOCs while others fail. It also helped us devise a potentially successful and repeatable mechanism for introducing new technologies to future SOCs. In this talk, we will detail the important insights we gained in the course of this project so that the security research community may benefit from them and even incorporate these new tools. We will also present examples of the challenges faced by commercial manufacturers in designing security into their products and our ongoing work on using these insights to address these challenges in innovative ways that seem to fare better than previous attempts. This is based partially on joint work with Professors Xinming Ou (Southern Florida University Computer Science Department), Michael Wesch (Kansas State University Department of Anthropology), and John McHugh (Dalhousie University and RedJack, Inc, Retired) as well as their graduate students, Sathya Chandran Sundaramurthy and Alexandru Bardas.