SRN: Secure and Resilient Networking
Sponsored by NSF CNS 1528099, CNS 1523994, and CNS 1526299
During this project, we cooperate with teams from Arizona state university, University of Missouri–Kansas City. We are responsible for Software Vulnerability and Moving Target Defense. Our task focuses on failures caused by vulnerabilities at the operational phase and system availability as opposed to system reliability.
SeReNe is advocating a major shift in dealing with software faults and failures on the one hand and software vulnerabilities on the other: it starts from the basic level by studying the use of fault/intrusion tolerance methods based on environmental diversity and self-adaptation for dealing with software failures (intrusions) caused by Mandelbugs (vulnerabilities) to support and implement SDN. For aging related bugs (vulnerabilities), the reactive solutions (for example, restart or operating system reboot) and proactive solutions (namely software rejuvenation) will be researched as well for SDN. SeReNe employs failure (intrusion) data analytics, recovery strategies, novel testing strategies for Mandelbugs and Mandel vulnerabilities, experimentation, stochastic models and optimization. In particular, SeReNe classifies vulnerabilities into Bohr, Non aging related Mandel and aging related ones following the approach we have used in analyzing the NASA satellite problem reports and open source bugzila reports. It also takes into considerations environmental factors responsible for Mandel and aging-related vulnerabilities so as to enhance their chances of being exposed during experimental attack campaign and thus remove them. Furthermore, SeReNe plans to apply a combination of design diversity and environmental diversity based defense technique to find an optimal mix using experiments, statistical analysis, stochastic models and optimization techniques.
Trivedi, KS; Chung, CJ; Xing, T; Huang, D; Medhi, D, SeReNe: On Establishing Secure and Resilient Networking Services for an SDN-based Multi-tenant Datacenter Environment (2015) Link
Roy, A; Kim, DS; Trivedi, KS, Cyber security analysis using attack countermeasure trees, ACM International Conference Proceeding Series (2010) Link
Roy, A; Kim, DS; Trivedi, KS, Poster abstract: ACT: Attack countermeasure trees for information assurance analysis, Proceedings – IEEE INFOCOM (2010) Link
Trivedi, KS; Kim, DS; Roy, A; Medhi, D, Dependability and security models, Proceedings of the 2009 7th International Workshop on the Design of Reliable Communication Networks, DRCN 2009 (2009), pp. 11-20 Link
Trivedi, KS; Jindal, V; Dharmaraja, S, Stochastic Modeling Techniques for Secure and Survivable Systems, Information Assurance (2008), pp. 171-207 Link
Madan, BB; Phoha, S; Trivedi, KS, StackOFFence: A technique for defending against buffer overflow attacks, International Conference on Information Technology: Coding and Computing, ITCC, vol 1 (2005), pp. 656-661 Link
Sharma, VS; Trivedi, KS, Architecture based analysis of performance, reliability and security of software systems, Proceedings of the Fifth International Workshop on Software and Performance, WOSP’05 (2005), pp. 217-227 Link
Madan, BB; Trivedi, KS, Security modeling and quantification of intrusion tolerant systems using attack-response graph, Journal of High Speed Networks, vol 13 no. 4 (2004), pp. 297-308 Link
Madan, BB; Goševa-Popstojanova, K; Vaidyanathan, K; Trivedi, KS, A method for modeling and quantifying the security attributes of intrusion tolerant systems, Performance Evaluation, vol 56 no. 1-4 (2004), pp. 167-186 Link
Nicol, DM; Sanders, WH; Trivedi, KS, Model-based evaluation: From dependability to security, IEEE Transactions on Dependable and Secure Computing, vol 1 no. 1 (2004), pp. 48-64 Link
Wang, D; Madan, BB; Trivedi, KS, Security analysis of SITAR intrusion tolerance system, Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (2003), pp. 23-32 Link
Madan, BB; Goševa-Popstojanova, K; Vaidyanathan, K; Trivedi, KS, Modeling and quantification of security attributes of software systems, Proceedings of the 2002 International Conference on Dependable Systems and Networks (2002), pp. 505-514 Link