Constraint Based Intrusion Detection
Detecting intrusions in conventional networks must deal with the dynamic nature of these networks. Users often connect multiple devices, and the regular installation of new applications with new protocols is not unusual. However, industrial control networks and command and control networks are substantially different. Examples of these networks are air traffic control systems, the NASA launch control network, mining equipment infrastructure and aircraft fly-by-wire systems. These networks have safety-critical aspects and are subject to government regulations in some domains. One of the key characteristics of these networks is their static nature: the devices and protocols of the network change infrequently and are usually subject to extensive testing before the changes are deployed. We use this fact to build a formal model of the network traffic. We provide a modular specification that specifies the syntax of the protocols and a set of constraints that represent those components of the protocol semantics that must be checked. From this specification we generate a parser and a custom constraint engine that validates the traffic.
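The split between a syntax layer and a set of semantic constraints can be pictured as follows. This is an added example, not the project's code: the frame layout, the two message types and the 0..100 setpoint range are hypothetical, and the parser is written by hand here rather than generated from a specification.

```python
import struct

# Hypothetical frame layout (constructed for this example, big-endian):
#   type:u8  seq:u16  length:u8  payload[length]  checksum:u8
HEADER = struct.Struct(">BHB")

def parse(frame):
    """Syntax layer: decode one frame or raise ValueError."""
    if len(frame) < HEADER.size + 1:
        raise ValueError("frame shorter than header plus checksum")
    msg_type, seq, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:-1]
    if len(payload) != length:
        raise ValueError("length field does not match payload size")
    return {"type": msg_type, "seq": seq, "payload": payload, "checksum": frame[-1]}

# Semantic layer: named predicates over the current and previous message.
CONSTRAINTS = [
    ("known message type", lambda m, prev: m["type"] in (0x01, 0x02)),
    ("checksum matches payload", lambda m, prev: sum(m["payload"]) & 0xFF == m["checksum"]),
    ("setpoint within 0..100", lambda m, prev: m["type"] != 0x02
        or (len(m["payload"]) == 1 and m["payload"][0] <= 100)),
    ("sequence increments by one", lambda m, prev: prev is None
        or m["seq"] == (prev["seq"] + 1) & 0xFFFF),
]

def validate(frames):
    """Return (frame_index, reason) alerts for a stream of raw frames."""
    alerts, prev = [], None
    for i, frame in enumerate(frames):
        try:
            msg = parse(frame)
        except ValueError as exc:
            alerts.append((i, f"syntax: {exc}"))
            continue
        alerts += [(i, f"constraint: {name}") for name, ok in CONSTRAINTS if not ok(msg, prev)]
        prev = msg
    return alerts

def build(msg_type, seq, payload):
    # Well-formed sample frame with a correct checksum.
    return HEADER.pack(msg_type, seq, len(payload)) + payload + bytes([sum(payload) & 0xFF])

SAMPLE = [  # constructed traffic, not captured from any real system
    build(0x01, 10, b"\x05\x06"),             # valid status message
    build(0x02, 11, b"\x32"),                 # valid setpoint (50)
    build(0x02, 12, b"\xfa"),                 # setpoint 250, outside the allowed range
    build(0x01, 20, b"\x01"),                 # sequence number skips ahead
    HEADER.pack(0x01, 21, 4) + b"\x01\x02",   # declares 4 payload bytes, carries 1
]
```

Calling `validate(SAMPLE)` flags frames 2, 3 and 4; because the network is static, any frame that fails either layer is treated as an alert rather than as tolerated noise.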
Web Application Migration
Web applications are complex systems that change over time. We currently have two sub-projects in the Web Application Migration Project.
The first is to migrate applications from relational databases to NoSQL document data stores. When a web application is first created, developers often choose to implement it using a single relational database system. For some types of applications, the benefit of NoSQL becomes apparent. However, some of the data, such as user information, should remain in the relational database. While approaches exist to convert the schema and data of a relational database to a NoSQL database, this project examines a semi-automated approach to migrate the code of the application to use the modified database.
The second sub-project looks at interference in JavaScript plug-in frameworks such as jQuery. Conflicting use of variables, DOM elements, CSS and jQuery properties can cause several plugins to interfere with each other. This sub-project uses a mix of static and dynamic analysis to identify the sources of conflicts between plugins.
Interference in Real Time Models
Real-time systems often make use of parallel tasks and priority-based scheduling. One of the oldest issues in concurrent programming is controlling access to shared resources. However, the conventional critical section approach to shared resources can lead to a priority inversion, where a lower-priority process that holds a lock on a shared resource must finish before a higher-priority process can gain access. This project looks to analyze the models used to generate real-time automotive systems and detect possible conflicts in access to shared resources so that they can be reduced or eliminated.
Constraint Based Penetration Testing
There are two general classes of fuzzing. The first, mutation fuzzing, captures valid network traffic and looks for patterns that can be changed in an attempt to compromise the system. The other builds a formal model of the data and generates test data designed to test the integrity of the system. Our approach represents a midpoint between the two, in which we use a model that specifies the syntax and a set of constraints to identify data that, when changed, has a better chance of compromising the system.