The Palo Alto Research Centre (PARC) and George Mason University (GMU) have been awarded a contract from the U.S. Defence Advanced Research Project Agency (DARPA) Configuration Security program (ConSec). Researchers from PARC and GMU will collaborate on project SCIBORG: Secure Configurations for the Internet of Things (IoT) based on Optimisation and Reasoning on Graphs. The goal of SCIBORG is to devise fundamentally new approaches to determine security configurations that protect critical infrastructure and IoT-based systems.
“SCIBORG will measure its success in terms of the reduction of the impact of potential attacks. To reason about the security of an IoT configuration, it is important to evaluate the attack paths that are available to the adversary,” said Hamed Soroush, Senior Researcher at PARC and the Principal Investigator. “Configuration settings that reduce the impact of these attack paths would, by this line of reasoning, be more secure.”
The ConSec program aims to develop new approaches to generate and deploy secure configurations of components that make up large cyber-physical and cyber-military systems. Particularly desired are configurations that will minimise the vulnerability to attacks while maintaining the expected functionality and performance. This is an intractable problem because the space of possible configuration settings is extremely large and because it is not clear how to reason about security and functionality in a system-of-systems scenario.
“SCIBORG’s focus on attack paths has an interesting side benefit; it provides one way to generate evidence explaining why a chosen configuration is more secure,” said Shantanu Rane, who manages the Cyber-Physical Systems Security research area at PARC and will be the co-principal investigator on this project.
To achieve SCIBORG’s goals, PARC and GMU researchers will explore per-component configurations and construct graph-based models to capture within-component and between-component dependencies among configuration elements. They will seek efficient and automated approaches to minimise the impact of possible attack paths, while maintaining functionality and performance.
“SCIBORG’s approach explicitly encodes constraints on the configuration parameters using graph-based models, allowing us to significantly reduce the actual number of configurations that need to be tested for security and functionality,” said Ersin Uzun, director of PARC’s System Sciences Laboratory.
PARC has several decades of experience in creating and developing model-based reasoning projects and have been a successful performer on several past DARPA programs in this area. Massimiliano Albanese, associate professor in the GMU Department of Information Sciences and Technology, will serve as a faculty collaborator on SCIBORG. Prof. Albanese has played a leading role in developing the approaches that facilitate joint reasoning about security and functionality in system-of-systems scenarios.