Computer Security Research
The Data Science and Technology Department is an active participant in a number of projects in the arena of computer security. Research sponsors have included DOE's ASCR program, DOE OE's CEDS program, DOE NNSA, and NSF's SaTC program, among others. Historically, projects have had a very broad cross-section of foci, though current projects tend to focus on security in high-performance computing environments, and security of cyber-physical systems, notably in the energy sector. These projects include collaborations with UC Berkeley, UC Davis, and numerous other academic and National Lab partners.
LBNL has had a leadership role in security in scientific computing environments for many years, including the development of the Bro Network Security Monitor, as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE Office of Science.
More recently, LBNL is serving as the lead of the "Cyber R&D" Enterprise Cyber Capability (ECC) of the DOE-wide Integrated Joint Cybersecurity Coordination Center (iJC3) — a sponsored R&D program that currently involves ten DOE National Laboratories as performers.
DOE Cybersecurity R&D Challenges for Open Science: Developing a Roadmap and Vision, January 24–26, 2007 [news, report]
ASCR Cybersecurity for Scientific Computing Workshop, June 2–3, 2015 [report]
LBNL's work on cybersecurity R&D is cross-directorate and includes scientists not only from the Computational Research Division, but also ESnet and NERSC in Computing Sciences, as well as LBNL's Energy Technology Area, and a number of external academic and industry partners. Contributors to this cross-disciplinary team in the past few years include, but are not limited to:
David Bailey (CRD Senior Scientist 1998-2011) → retired / UC Davis Research Fellow
Olivier Chevassut (1998-)
Bogdan Copos (Ph.D. 2017) → SRI International
Orianna DeMasi (Scientist 2010-2013) → UC Berkeley Ph.D. program
Jonathan Ganz (Ph.D. 2017)
Reinhard Gentz (Ph.D. 2017) → LBNL Computer Systems Engineer
Chuck McParland (CRD Staff Scientist 1978-2014) → retired / RTISYS, Inc.
Taghrid Samak (CRD Research Scientist 2010-2014) → Google
Emma Stewart (ETA Scientist 2013-2017) → LLNL
Vincent Stoffer (IT Division 2012-2016) → Corelight, Inc. (née Broala)
Brian Tierney (ESnet Scientist 1988-2017) → retired
Sean Whalen (Ph.D. Student / I3P Fellow / Postdoc 2009-2013) → Columbia → Mt. Sinai School of Medicine → UC San Francisco
A partial listing of current projects is as follows:
- Toward a Hardware/Software Co-Design Framework for Ensuring the Integrity of Exascale Scientific Data. This project takes a broad look at several aspects of security and scientific integrity issues in HPC systems. It is funded by DOE ASCR and is led by Sean Peisert. See Scientific Computing Integrity project website.
- Inferring Computing Activity Using Physical Sensors. This project is using power data to identify computational operations, particularly in high-performance and cloud computing environments. This project is led by Sean Peisert at LBNL. See project website for inferring computing activity with power data.
- Cybersecurity for the Power Distribution Grid. This project is using micro-PMU measurements and SCADA commands to develop a system to detect cyberattacks against the power distribution grid. It is funded by DOE OE's CEDS program and is led by Sean Peisert. See µPMU Cyber Security project website.
- An Automated, Disruption Tolerant Key Management System for the Power Grid. This project is designing and developing a key management system to meet the unique requirements of electrical distribution systems (EDSs). It is funded by DOE OE's CEDS program, is a partnership with PNNL, and is led at LBNL by Sean Peisert. See Power Grid Key Management project website.
- Threat Detection and Response with Data Analytics. This project is developing technologies and methodologies to protect the grid from advanced cyber and all-hazard threats through the collection of disparate data and the employment of advanced analytics for threat detection and response. The project is funded by DOE OE's CEDS program as part of the DOE Grid Modernization Initiative. The project is led by LLNL, co-led by Sean Peisert at LBNL, and also includes partnerships with INL, ORNL, PNNL, and SNL. Utility partners include the Electric Power Board (EPB), National Rural Electric Cooperative Association (NRECA). See Threat Detection and Response with Data Analytics project website.
- Distributed Detection of DDoS Attacks on the WAN. This project is examining ways in which operators of wide-area networks (WANs) can better use their vantage points to detect DDoS attacks before they reach individual sites. It is particularly focused on large-scale science traffic as seen in ESnet and certain other national and regional "research and education" networks. This project is funded by DOE's iJC3 Cyber R&D program and is led by Sean Peisert at LBNL.
- Network Measurement, Analysis and Visualization. NetSage is a network measurement, analysis and visualization service funded by the National Science Foundation and is designed to address the needs of today's international networks. This project is co-led by Sean Peisert at LBNL. See NetSage project website.
Several recent projects include the following:
- Application of Cyber Security Techniques in the Protection of Efficient Cyber-Physical Energy Generation Systems. This project was funded by DOE OE's CEDS program and was co-led by Chuck McParland and Sean Peisert. Specifically, we designed and developed a security monitoring and analysis framework for control systems. The goal was to integrate the monitoring and analysis of network traffic and serial communication with an understanding of physical device constraints within a single intrusion detection system (IDS) to enhance resilience of cyber physical systems. See CPS security project website.
- A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing. In this project, CRD researchers developed mathematical and statistical techniques to analyze the access and use of high-performance computer systems. This project was funded by the U.S. Department of Energy's Applied Mathematics Section. LBNL, which was the lead institution for the project, also funded UC Davis and the International Computer Science Institute (ICSI) at UC Berkeley in this activity via subcontracts from LBNL. See Mathematical Approach to Intrusion Detection in HPC project website.
- Our work in computer forensics has sought to establish a rigorous, scientific model of forensic logging and analysis that is both efficient and effective at determining which data must be recorded in order to understand past events. While forensics traditionally looks at available data and attempts to draw conclusions from it, we, in contrast, seek to understand the questions that we want to answer, and then derive what data is necessary to support answers to those questions. In the past, this work has been supported by the Institute for Information Infrastructure Protection (I3P). At LBNL, this project is led by Sean Peisert. See computer forensics research project website.
- Our work on the insider threat also takes a non-traditional approach. Whereas security has traditionally been defined with respect to a perimeter, using static and binary access control decisions, we assert that such a perimeter no longer exists and that traditional access control techniques inhibit authorized users from performing their jobs. We define the "insider threat" as a combination of (a) access to a particular resource, (b) knowledge of a particular resource, and/or (c) trust of an individual by a particular organization. Moreover, the insider threat is clearly not binary either, but a spectrum of "insiderness" based on the aforementioned qualities. We seek to develop access control solutions that integrate this understanding while also being informed by social science on how users may react most optimally to system access control and countermeasures. At LBNL, this project was led by Sean Peisert. See insider threat research project website.
- Symbiosis in Byzantine Fault Tolerance and Intrusion Detection. This project was funded by NSF's SaTC program, and was co-led by Sean Peisert. The theme of this effort was to integrate Byzantine fault tolerance (BFT) into intrusion detection systems (IDS), at both the fundamental and system levels, thereby improving both BFT and IDS. See BFT+IDS project website.
- This seed project looked at defining means for understanding what data can be sanitized, and how. Traditional techniques often either make data unusable for research or operational purposes or fail to completely sanitize the data. Thus, our data sanitization work built on past techniques by also using an "open world" assumption. We also asked: what relationships between data fields would need to be made in order to reveal certain information, what associations need to be protected in order to conceal certain information, and, finally, given policy constraints from the different stakeholders, can a dataset be sanitized in a way that satisfies the policies of all of those people, or would certain compromises to one or more policies need to be made? At LBNL, this project was led by Sean Peisert and was funded by the Institute for Information Infrastructure Protection (I3P). See data sanitization research project website.
- The Hive Mind: Applying a Distributed Security Sensor Network to GENI. This project was funded by NSF's CISE Directorate, and was led by Sean Peisert. The project sought to define and prototype a security layer using a method of intrusion detection based on mobile agents and swarm intelligence. The project's goal was to provide a lightweight, decentralized, intrusion detection method that is adaptable to changing threats while communicating suspicious activity across hierarchical layers to humans who can respond when needed. The goal was to augment, not replace, more traditional security mechanisms. See Hive Mind project website.
- Host and Network Resilience. LBNL's component of this project focused on mapping and analyzing the qualities of resilient networks by investigating components such as redundancy, diversity, and quality of service. The project's goal is to be able to quantify and compare the resilience of networks in a scientifically meaningful way. See Resilience project website.
- Secure and Private Acquisition, Storage, and Analysis of Medical Sensor Data. This project is developing a system-based workflow to securely acquire wireless data from mechanical ventilators in critical care environments, and leverage scalable web-based analytic platforms to advance data analytics and visualization of issues surrounding patients with respiratory failure. See Medical project website.
- NNSA Cyber Sciences Lab (CSL). Using seed funding from the NNSA CIO, this consortium of eight DOE laboratories worked to form an enduring, national computer security research laboratory to address cybersecurity threats. Research efforts that the laboratory would address ranged from very short-range, tactical issues that leverage current capabilities, to very long-range research with results and solutions that may not be deployable for over 20 years. LBNL's effort was led by Deb Agarwal and Sean Peisert. See NNSA Network Vision website.