Upload
afosr
View
216
Download
0
Embed Size (px)
Citation preview
8/7/2019 3. Herklotz - Information
1/26
INFORMATION OPERATIONS
&SECURITY
14 March 2011
Dr. Robert HerklotzProgram Manager
AFOSR/RSLAir Force Office of Scientific Research
AFOSR
Distribution A: Approved for public release; distribution is unlimited. 88ABW-2011-0777
8/7/2019 3. Herklotz - Information
2/26
2
2011 AFOSR SPRING REVIEW2311F PORTFOLIO OVERVIEW
NAME: Dr. Robert Herklotz
GOAL OF PROGRAM:
Fund science that will enable the AF and DOD to dominatecyberspace: Science to develop secure information systems for ourwarfighters and to deny the enemy such systems.
SUB-AREAS IN PORTFOLIO:
Formal Methods, Secure Software, Secure Hardware, Secure Data,Security Policy, Science of Security
8/7/2019 3. Herklotz - Information
3/26
3
Scientific Challenges
Science of Security
Covert Channels: Steganographyand Steganalysis
Security Policy
Execute Mission On InsecureComponents
8/7/2019 3. Herklotz - Information
4/26
4
Transformational Opportunities
Develop a theory of cyber security to understand thesecurity of system architectures
Develop a theory of Covert Channels and relationships
to system architectures Future Dynamic cyber systems will be managed
autonomously by dynamic policies
Methods to Fight through attack and autonomiclyrecover will be needed to execute the missioncontinuously
8/7/2019 3. Herklotz - Information
5/26
5
Other Organizations That FundRelated Work
ARO, ONR, NSA, NIST, NSF, IARPA, DARPA, DHS
Niche:
Science of Security
Covert Channels: Steganography and Steganalysis
Security Policy
Execute Mission On Insecure Components
P T d
8/7/2019 3. Herklotz - Information
6/26
6
Program Trends:Information Operations & Security
Formal Methods Advanced theorem proving
Static analysis Dynamic analysis Symbolic evaluation and constraint solving
Secure Software Code-level specification/verification Obfuscation
Artificial, dynamic diversity Fully homomorphic encryption Statistical models, error virtualization and rescue points Automated Program Repair with Genetic Programming Binary translation
Secure Hardware Combinational logic
Secure Data Theory for incentive-compatibility
Security Policy policy specification language Novel logics abstractions for security policy compliance
Science of Security Hyperproperties Information flows/covert channels
T hH i
8/7/2019 3. Herklotz - Information
7/26
7
TechHorizonsPriority Key Technology Areas
(Information Operations and Security, RSL)
Autonomous systems Autonomous reasoning and learning
Resilient autonomy
Complex adaptive systems
V&V for complex adaptive systems
Collaborative/cooperative control
Autonomous mission planning
Cold-atom INS
Chip-scale atomic clocks
Ad hoc networks
Polymorphic networks
Agile networks
Laser communications
Frequency-agile RF systems
Spectral mutability Dynamic spectrum access
Quantum key distribution
Multi-scale simulation technologies
Coupled multi-physics simulations
Embedded diagnostics
Decision support tools
Automated software generation
Sensor-based processing
Behavior prediction and anticipation
Cognitive modeling
Cognitive performance augmentation
Human-machine interfaces
8/7/2019 3. Herklotz - Information
8/26
8
Recent Transitions
Hatcliff-KSU/Apple-Princeton: a novel Hoare logic forspecifying and verifying expressive information flowpolicies as needed in MLS systems and cross-domainsolutionsto DoD projects and industry
Weimer UVA and Forrest UNM: Automatically andsafely generate program repairsto DARPA andIARPA
Anti-forensics research transitionedto AF
Botnet research transitioned to applied programsDHS, ARL
8/7/2019 3. Herklotz - Information
9/26
9
Towards a General Theory of CounterdeceptionScott Craver, Binghamton University, Binghamton, New York
In counterdeception problems, we seek to detectunauthorized behavior, while an attacker seeks toevade our detection algorithm.
Many hard security problems today arecounterdeception problems
Virus detection and intrusion detection
Covert communications (steganography)
Biometrics and face/voice recognition Spam filtering
Media forensics and tamper detection
Digital Watermarking (our area)
8/7/2019 3. Herklotz - Information
10/26
10
The Big Problem
Cryptography has a strong theoretical foundation;adversarial detection does not.
Previous work, based on classical detection theory,
wrongly models the adversary as noise. Adversaries adaptively attack fixed detection
algorithms (so-called oracle or sensitivity attacks)
Detectors leak information with use, to a degree thatisnt exactly known
In fact, we cant say much at all about the security ofa detector.
8/7/2019 3. Herklotz - Information
11/26
11
Problem: Entropy Of A Detector
Adversaries can reverse-engineer a detector by itsresponse to experimental inputs
Often very quickly, using basic linear algebra orgradient descent
Quickly means linear in the number of features n(the dimension of feature space) examined by thedetector.
What we want:
To characterize the entropy of a region in space, ina way that captures difficulty of mapping it out;
A detector that maximizes entropy, or at
least takes more than linear time to break.
8/7/2019 3. Herklotz - Information
12/26
12
Basic Result
If a detector satisfies some basic error constraints...
Bounds on false alarm and miss rate
...then the detector surface is locally flat
A disc at the surface must have most of a hemisphereoutside and most of a hemisphere inside
Implies an entropy bound of nlog n
n is the data size (dimension of space)
Estimate slope of disk with O(n) tries
O(2n
) discs to reverse-engineer Entropy is roughly the log of # of tries
Attacker can beat you in at most 2^(nlog n)
tries, now an attacker can beat you in
about n tries
8/7/2019 3. Herklotz - Information
13/26
13
Science Base for SecurityFred B. Schneider, Cornell University
SCIENCE: A body of laws that are predictive
Transcend specific systems, attacks, and defenses.
Laws are not necessarily quantitative, but:
Applicable in real settings
Provide explanatory value
Abstractions and models
Connections and relationships
8/7/2019 3. Herklotz - Information
14/26
14
Laws about What?
Features:
Classes of policies
Classes of attacks
Classes of defenses Relationships (= SoS)
Defense class D enforces policyclass P despite attacks from classA.
Application App new policies P New policies P new attacks A New attacks A new defenses M
Attacks
Defenses Policies
8/7/2019 3. Herklotz - Information
15/26
15
Foundations for Policy
Policy: What the system should do; what the system should not do: Confidentiality: Who is allowed to learn what?
Integrity: What changes are allowed by system. includes resource utilization, input/output to environment.
Availability: When must service be rendered.
Hyper-properties: sets of sets of traces. Can be decomposed into: Safety hyper-property
Liveness hyper-property
Expressive enough for all security policies and has a
formal mathematical foundation.
8/7/2019 3. Herklotz - Information
16/26
16
Power of Obfuscation
What class of attacks are resisted by making
semantics-preserving random transformations?
All morphs implement the same interface.
Interface attacks. Obfuscation cannot blunt attacks that exploit
the semantics of that (flawed) interface.
Implementation attacks. Obfuscation can blunt attacks thatexploit implementation details.
Thm: Obfuscation and probabilistic dynamic typesystems defend against the sameimplementation attacks.
8/7/2019 3. Herklotz - Information
17/26
17
Quantification of Integrity Erosion
Contamination (dual of leakage) Output := (t, u) Predict untrusted input from trusted input and trusted output
Suppression (trusted input suppressed from trusted output): n := rand(); Output := t XOR n Predict trusted input from trusted output.
Thm: Leakage + Suppression = Constant
Applications: Comparison and evaluation of database privacy schemes:
K-anonymity [Sweeney 02]
Doesnt bound leakage or suppression
Entropy L-diversity [Machanavajjhala et al. `07]
Suppresses at least L bits of information about individual
Differential Privacy [Dwork 06]
Bounds derived.
untrusted
ProgramUser
Attacker
Usertrusted
E id b d T t i
8/7/2019 3. Herklotz - Information
18/26
18
Evidence-based Trust inLarge-scale MLS Systems
John Hatcliff (PI), Kansas State University andAndrew Appel, Princeton University
This project aims to provide innovations in architecturemodeling, semantic analysis, and logic-based verificationtechniques that dramatically increase the safety, security,and ability to certify critical components of DoD systems
It targets security architectures such as MultipleIndependent Levels of Security (MILS) and developingtechniques that dramatically improve assurance and
reduce certification costs in MILS components.
8/7/2019 3. Herklotz - Information
19/26
19
Technical Achievements
--# derives
--# Output_1_Data from
--# Input_0_Data
--# when (Input_0_Ready and
--# Output_1_Ready),
--# Output_1_Data,
--# when (not Input_0_Ready or
--# not Output_1_Read),
--# Input_0_Ready,
--# Output_1_Ready
One of our most important achievement to date is a novel Hoare logic for
specifying and verifying expressive information flow policies as needed inMLS systems and cross-domain solutions
SPARK Ada Program Info Flow Spec
flows exist onlyunder certainconditions
I. Our logic provides a formal semanticfoundation for specifying howinformation should flow betweenprogram components
non-interference, non-leakage
II. A proven correct pre-condition generationalgorithm automatically generates a derivationin the logic showing that a program conformsto its information flow specification
III. Using advanced compiler technology, wemake the logic easy to use for programmersand verification teams by presenting it in high-
level user-friendly program-level annotations
Logic is embedded (hidden) in the SPARK Adalanguage designed for programming criticalsystems (could also work for safety-critical C)
8/7/2019 3. Herklotz - Information
20/26
20
Automated Program RepairWeimer (University of Virginia) and Forrest (University of New Mexico)
Research Goal: Automatically and
safely generate program repairs
Result: Automatic repairs of over adozen defect types, including securityvulnerabilities. Analyzed evolutionaryalgorithm on programs totalinghundreds of thousands of lines ofcode. Demonstrated close-loop hotrepair of running server.
Technique: Use genetic
programming techniques to searchthe space of nearby programs untilone is found that repairs the bug andmaintains required functionality.Ordinary test cases are used toevaluate candidate program repairs.
Highlights: Keynote at OPSLA10,best paper and presentationawards at multiple conferences,gold human-competitive award @GECCO
C t S it f C dit S ft
8/7/2019 3. Herklotz - Information
21/26
21
Component Security of Commodity SoftwareKwon and Su, UC Davis
Research Goal: Identify and
demonstrate prevalence of unsafeloading of components in modernsoftware.
Example: (1) Attacker co-locatesmalicious DLL with file on aWebDAV share. (2) Victim opensthe file and executes the maliciousDLL.
Result: Discovered 4000 unsafe
loadings on 27 popular Windows(including Office) and 24 LinuxUbuntu applications. Found 41remotely exploitable unsafeloadings under Windows.
Technique: Detection of unsafe
loadings via offline-profile analysisand dynamic profile generation
Highlights:
Extensive media coverage:
Reuters, ComputerWorld andNetwork World, among others
Microsoft issued a hotfix
ACM Distinguished Paper
Award
C i E d D
8/7/2019 3. Herklotz - Information
22/26
22
Computing on Encrypted DataGentry/Boneh, Stanford
Longstanding open problem Many useful applications
Store encrypted database in cloud or untrusted data center
Produce encrypted query result, without decryptingdata
Private Internet search Encrypt my query, send to Google, receive encrypted result
Breakthrough in cryptography [Gentry (Stanford)]
Homomorphic encryption: E[x], E[y] E[x+y], E[xy]
x1 x2 x3 x4
+
f(x1,,x4)
For any function f :
E[x1], , E[xn] E[ f(x1,,xn )]
Student Craig Gentry received 2010ACM Doctoral Dissertation Award for hishomomorphic encryption breakthrough
Advisor: Boneh
8/7/2019 3. Herklotz - Information
23/26
23
Towards Statistically Undetectable SteganographyJessica Fridrich, Binghamton University
Objectives
Identify fundamental laws determining security of covert communication indigital multimedia objects, such as images or video. Determine an appropriate measure of secure payload for practical data-hiding methods. Use it for design and benchmarking. Develop practical methods capable of embedding large payloads withminimal statistical impact.
Main requirement:Undetectability(no algorithmcan distinguish stego andcover objects with successbetter than random guessing)
Warden: passive
Constructing Practical Secure
8/7/2019 3. Herklotz - Information
24/26
24
Constructing Practical SecureSteganographic Schemes
There exist two fundamental approaches to designing securesteganography:
(1) Model-based: Choose a model (statistical distribution) and forcethe embedding to preserve it (2) Distortion-based: Choose a distortion measure and minimize itwhile embedding.
In (1), the model must be simple = unrealistic. While the embedding issecure within the model, it may become even more insecure for a differentmodel. The problem is lack of robustness to the model.
In (2), the designer gives up perfect security (it is unachievable anyway)but gains substantially because even very complex (realistic) distortionmeasures can be used with low implementation complexity.
Most practical embedding schemes that follow (2) are ad hoc,suboptimal, and it is not clear how to optimize their design.
8/7/2019 3. Herklotz - Information
25/26
25
The Gibbs construction
The breakthroughs: Discovered a connection between statistical physics andsteganography. Porting of powerful algorithms from physics to the field ofinformation security. The first scheme that considers interaction of embeddingchanges. General framework for adaptive steganography.
1) Methodology for obtaining the rate
distortion bounds using the Gibbssampler.2) Methodology for simulating the impact of optimal schemes (operating on
the bound). This is achieved using the Gibbs sampler, too.3) Methodology for building near-optimal practical embedding schemes.
Achieved using syndrometrellis codes on disjoint sublattices of pixels and
the Gibbs sampler.
8/7/2019 3. Herklotz - Information
26/26
26
The Gibbs construction in practice
Steganaly
zererrorPE
undetectable steganography (detector makes random guesses)
Perfectdetection
Relative payload in bits per pixel Relative payload in bits per pixel
Very significant improvement over prior art Very high payloads of ~0.20.4 bits per pixel can be embeddedundetectably, depending on the cover source.
Changes of pixels by 2 are beneficial as long as made adaptively
Prior art