Protection of critical infrastructure is rapidly growing as one of the most important areas of cybersecurity. The primary goal of this project is to design and develop critical infrastructure cybersecurity assessment methodologies and associated modeling and simulation environments.
Critical infrastructures, and more broadly, nearly all safety-critical distributed systems, are large, complex, and consist of numerous components linked in complex ways. This leads to interactions that may not be expected or foreseen by the system designer (i.e., implicit interactions). The presence of implicit interactions in a system can indicate unforeseen flaws—whether intentional or accidental, innocuous or malicious. Additionally, or alternatively, such interactions can be symptoms of intentionally compromised hardware and/or software specifically designed to remain undetected. Therefore, an understanding of implicit interactions is of vital importance to ensure that systems operate as intended and are resistant to cyber-attacks.
To address this need, we are developing a set of formal methods and tools for determining whether critical infrastructure systems are protected from cyber-threats. Moreover, formal verification and analytic tools are becoming critical to building systems with significantly higher security and safety assurance.
More specifically, we are working on a rigorous, formal methods-based approach for identifying and analyzing the existence of implicit component interactions in critical infrastructure systems. Our goal is to provide a formal understanding of how and why implicit interactions can exist in distributed systems, such as those commonly found in critical infrastructures. Additionally, the methods we are developing can identify deficiencies in important existing system components, allowing for better assessment of the risks being taken by using such components in critical systems.
This project is funded by the U.S. Department of Homeland Security through a contract with the Critical Infrastructure Resilience Institute (CIRI) at the University of Illinois.
Jason Jaskolka is a U.S. Department of Homeland Security Cybersecurity Postdoctoral Scholar at Stanford University within the Center for International Security and Cooperation (CISAC). He received his Ph.D. in Software Engineering from McMaster University in 2015. His research interests include cybersecurity assurance, distributed multi-agent systems, and algebraic approaches to software engineering. More information is available on Jason's personal website.
John Villasenor is a National Fellow at the Hoover Institution and an affiliate at CISAC. He is also a professor of electrical engineering, public policy, and management, as well as a visiting professor of law, at UCLA, and a nonresident senior fellow at the Brookings Institution. More information is available on John's personal website.
Jason Jaskolka: firstname.lastname@example.org
John Villasenor: email@example.com