DARPA adds PARC and GMU to its ConSec programNews
February 13, 2019
PALO ALTO, Calif. Defense Advanced Research Project Agency (DARPA) officials selected the Palo Alto Research Center, Inc. (PARC, a Xerox company) and George Mason University (GMU) to work under the agency's Configuration Security program (ConSec).
Within ConSec, researchers from PARC and GMU will collaborate on a project named Secure Configurations for the Internet of Things (IoT) based on Optimization and Reasoning on Graphs (SCIBORG). The goal of SCIBORG is to devise fundamentally new approaches to determine security configurations that protect critical infrastructure and IoT-based systems.
“SCIBORG will measure its success in terms of the reduction of the impact of potential attacks. To reason about the security of an IoT configuration, it is important to evaluate the attack paths that are available to the adversary,” says Hamed Soroush, Senior Researcher at PARC and the Principal Investigator. “Configuration settings that reduce the impact of these attack paths would, by this line of reasoning, be more secure.”
The ConSec program aims to develop new approaches to generate and deploy secure configurations of components that make up large cyber-physical and cyber-military systems. Particularly desired are configurations that will minimize the vulnerability to attacks while maintaining the expected functionality and performance. This is an intractable problem because the space of possible configuration settings is extremely large and because it is not clear how to reason about security and functionality in a system-of-systems scenario.
“SCIBORG’s focus on attack paths has an interesting side benefit; it provides one way to generate evidence explaining why a chosen configuration is more secure,” says Shantanu Rane, who manages the Cyber-Physical Systems Security research area at PARC and will be the co-PI on this project.
To achieve SCIBORG’s goals, PARC and GMU researchers will ingest per-component configurations and construct graph-based models to capture within-component and between-component dependencies among configuration elements. They will seek efficient and automated approaches to minimize the impact of possible attack paths, while maintaining functionality and performance.
“SCIBORG’s approach explicitly encodes constraints on the configuration parameters using graph-based models, allowing us to significantly reduce the actual number of configurations that need to be tested for security and functionality,” says Ersin Uzun, director of PARC’s System Sciences Laboratory.
Massimiliano Albanese, associate professor in the GMU Department of Information Sciences and Technology, will serve as a faculty collaborator on SCIBORG. Prof. Albanese has played a leading role in developing the approaches that facilitate joint reasoning about security and functionality in system-of-systems scenarios.