Absolute security is science fantasy, and perfection is the enemy of good. Good engineers realize the wisdom of that statement, and strive to develop tools, abstractions, and mechanisms that provide desired properties (like resiliency) with known certainty. But providing such properties at a specified level is easier said than done, especially for properties that are probabilistic and systems that are complex distributed combinations of hardware and software.
This talk explores attempts to provide cyber resiliency in systems that are used in critical applications. It argues that CAD tools are needed at design time to choose between alternative resiliency mechanisms, and that resiliency mechanisms are needed that provide redundancy, diversity, and adaptive behavior. It also argues that runtime sensing mechanisms need to correlate information from diverse sensors to expose attackers. Finally, it argues that by focusing on adaptation mechanisms that operate on effects rather than attacks, a system can tolerate many zero-day attacks. Taken together, these arguments describe our work towards a pragmatic, but not perfect, approach to engineering resiliency into cyber systems for use in critical applications.
The Stanford EE Computer Systems Colloquium (EE380) meets on Wednesdays 4:30-5:45 throughout the academic year. Talks are given before a live audience in Room B03 in the basement of the Gates Computer Science Building on the Stanford Campus. The live talks (and the videos hosted at Stanford and on YouTube) are open to the public.
William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Head of the Department of Electrical and Computer Engineering (www.ece.illinois.edu) at the University of Illinois at Urbana-Champaign (illinois.edu). He is a professor in the Department of Electrical and Computer Engineering and in the Department of Computer Science. He is a Fellow of the IEEE, the ACM, and the AAAS; a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing; and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing. He was the founding Director of the Information Trust Institute (www.iti.illinois.edu) at Illinois (2004-2011), and served as Director of the Coordinated Science Laboratory (www.csl.illinois.edu) at Illinois from 2010 to 2014.
Dr. Sanders's research interests include secure and dependable computing, as well as security and dependability metrics and evaluation, with a focus on critical infrastructures. He has published more than 270 technical papers in those areas. He served as the Director and PI of the DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center (tcipg.org), which did research at the forefront of national efforts to make the U.S. power grid smart and resilient. He was the 2016 recipient of the IEEE Technical Field Award, Innovation in Societal Infrastructure, for assessment-driven design of trustworthy cyber infrastructures for societal-scale systems.
He is also co-developer of three tools for assessing computer-based systems: METASAN, UltraSAN, and Möbius. Möbius and UltraSAN have been distributed widely to industry and academia; more than 1,700 licenses for the tools have been issued to universities, companies, and NASA for evaluating the performance, dependability, and security of a variety of systems. He is also a co-developer of a tool for assessing the security of networked systems that is available commercially under the name NP-View from the startup company Network Perception, which he co-founded.