Publications

Mayes, Daniel J.; Tarman, Thomas D.; Pinar, Ali P.

Abstract not provided.

Pinar, Ali P.; Tarman, Thomas D.; Swiler, Laura P.; Gearhart, Jared L.; Hart, Derek H.; Vugrin, Eric D.; Cruz, Gerardo C.; Arguello, Bryan A.; Geraci, Gianluca G.; Debusschere, Bert D.; Hanson, Seth T.; Outkin, Alexander V.; Thorpe, Jamie T.; Hart, William E.; Sahakian, Meghan A.; Gabert, Kasimir G.; Glatter, Casey J.; Johnson, Emma S.; Punla-Green, She?ifa P.

This report summarizes the activities performed as part of the Science and Engineering of Cybersecurity by Uncertainty quantification and Rigorous Experimentation (SECURE) Grand Challenge LDRD project. We provide an overview of the research done in this project, including work on cyber emulation, uncertainty quantification, and optimization. We present examples of integrated analyses performed on two case studies: a network scanning/detection study and a malware command and control study. We highlight the importance of experimental workflows and list references of papers and presentations developed under this project. We outline lessons learned and suggestions for future work.

Pinar, Ali P.; Tarman, Thomas D.; Swiler, Laura P.; Gearhart, Jared L.; Hart, Derek H.; Vugrin, Eric D.; Cruz, Gerardo C.; Arguello, Bryan A.; Geraci, Gianluca G.; Debusschere, Bert D.; Hanson, Seth T.; Outkin, Alexander V.; Thorpe, Jamie T.; Hart, William E.; Sahakian, Meghan A.; Gabert, Kasimir G.; Glatter, Casey J.; Johnson, Emma S.; Punla-Green, She?ifa P.

Abstract not provided.

Stickland, Michael S.; Li, Justin D.; Swiler, Laura P.; Tarman, Thomas D.

This report presents the results of the “Foundations of Rigorous Cyber Experimentation” (FORCE) Laboratory Directed Research and Development (LDRD) project. This project is a companion project to the “Science and Engineering of Cyber security through Uncertainty quantification and Rigorous Experimentation” (SECURE) Grand Challenge LDRD project. This project leverages the offline, controlled nature of cyber experimentation technologies in general, and emulation testbeds in particular, to assess how uncertainties in network conditions affect uncertainties in key metrics. We conduct extensive experimentation using a Firewheel emulation-based cyber testbed model of Invisible Internet Project (I2P) networks to understand a de-anonymization attack formerly presented in the literature. Our goals in this analysis are to see if we can leverage emulation testbeds to produce reliably repeatable experimental networks at scale, identify significant parameters influencing experimental results, replicate the previous results, quantify uncertainty associated with the predictions, and apply multi-fidelity techniques to forecast results to real-world network scales. The I2P networks we study are up to three orders of magnitude larger than the networks studied in SECURE and presented additional challenges to identify significant parameters. The key contributions of this project are the application of SECURE techniques such as UQ to a scenario of interest and scaling the SECURE techniques to larger network sizes. This report describes the experimental methods and results of these studies in more detail. In addition, the process of constructing these large-scale experiments tested the limits of the Firewheel emulation-based technologies. Therefore, another contribution of this work is that it informed the Firewheel developers of scaling limitations, which were subsequently corrected.

ACM International Conference Proceeding Series

Tarman, Thomas D.; Rollins, Trevor; Swiler, Laura P.; Cruz, Gerardo C.; Vugrin, Eric D.; Huang, Hao; Sahu, Abhijeet; Wlazlo, Patrick; Goulart, Ana; Davis, Kate

Cyber testbeds provide an important mechanism for experimentally evaluating cyber security performance. However, as an experimental discipline, reproducible cyber experimentation is essential to assure valid, unbiased results. Even minor differences in setup, configuration, and testbed components can have an impact on the experiments, and thus, reproducibility of results. This paper documents a case study in reproducing an earlier emulation study, with the reproduced emulation experiment conducted by a different research group on a different testbed. We describe lessons learned as a result of this process, both in terms of the reproducibility of the original study and in terms of the different testbed technologies used by both groups. This paper also addresses the question of how to compare results between two groups' experiments, identifying candidate metrics for comparison and quantifying the results in this reproduction study.

Tarman, Thomas D.; Swiler, Laura P.; Vugrin, Eric D.; Rollins, Trevor R.; Cruz, Gerardo C.; Huang, Hao H.; Sahu, Abhijeet S.; Wlazlo, Patrick W.; Goulart, Ana G.; Davis, Kate D.

Abstract not provided.

Tarman, Thomas D.; Swiler, Laura P.; Cruz, Gerardo C.; Vugrin, Eric D.; Rollins, Trevor R.; Huang, Hao H.; Sahu, Abhijeet S.; Wlazlo, Patrick W.; Goulart, Ana G.; Davis, Kate D.

Abstract not provided.

Outkin, Alexander V.; Schulz, Patricia V.; Schulz, Timothy S.; Tarman, Thomas D.; Pinar, Ali P.

Protecting against multi-step attacks of uncertain duration and timing forces defenders into an indefinite, always ongoing, resource-intensive response. To effectively allocate resources, a defender must be able to analyze multi-step attacks under assumption of constantly allocating resources against an uncertain stream of potentially undetected attacks. To achieve this goal, we present a novel methodology that applies a game-theoretic approach to the attack, attacker, and defender data derived from MITRE´s ATT&CK^® Framework. Time to complete attack steps is drawn from a probability distribution determined by attacker and defender strategies and capabilities. This constraints attack success parameters and enables comparing different defender resource allocation strategies. By approximating attacker-defender games as Markov processes, we represent the attacker-defender interaction, estimate the attack success parameters, determine the effects of attacker and defender strategies, and maximize opportunities for defender strategy improvements against an uncertain stream of attacks. This novel representation and analysis of multi-step attacks enables defender policy optimization and resource allocation, which we illustrate using the data from MITRE´ s APT3 ATT&CK^® Framework.

Stickland, Michael S.; Li, Justin D.; Tarman, Thomas D.; Swiler, Laura P.

Abstract not provided.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Pinar, Ali P.

Abstract not provided.

McKenzie, Taylor M.; Tarman, Thomas D.; Lamb, Christopher L.

Abstract not provided.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Pinar, Ali P.

Abstract not provided.

McKenzie, Taylor M.; Tarman, Thomas D.; Lamb, Christopher L.

Abstract not provided.

Proceedings - 2019 Resilience Week, RWS 2019

Pinar, Ali P.; Benz, Zachary O.; Castillo, Anya; Hart, Bill; Swiler, Laura P.; Tarman, Thomas D.

Securing cyber systems is of paramount importance, but rigorous, evidence-based techniques to support decision makers for high-consequence decisions have been missing. The need for bringing rigor into cybersecurity is well-recognized, but little progress has been made over the last decades. We introduce a new project, SECURE, that aims to bring more rigor into cyber experimentation. The core idea is to follow the footsteps of computational science and engineering and expand similar capabilities to support rigorous cyber experimentation. In this paper, we review the cyber experimentation process, present the research areas that underlie our effort, discuss the underlying research challenges, and report on our progress to date. This paper is based on work in progress, and we expect to have more complete results for the conference.

Vugrin, Eric D.; Cruz, Gerardo C.; Reedy, Christian R.; Tarman, Thomas D.; Outkin, Alexander V.; Urias, Vincent U.

Abstract not provided.

Swiler, Laura P.; Stickland, Michael S.; Tarman, Thomas D.

Abstract not provided.

Tarman, Thomas D.

Abstract not provided.

Cruz, Gerardo C.; Outkin, Alexander V.; Tarman, Thomas D.; Urias, Vincent U.; Vugrin, Eric D.

Abstract not provided.

Tarman, Thomas D.

This report contains a response from Sandia National Laboratories for the 2019 update to the 2016 Federal Cybersecurity Research and Development Strategic Plan.

Tarman, Thomas D.

Abstract not provided.

DeWaard, Elizabeth D.; Deccio, Casey D.; Fritz, David J.; Tarman, Thomas D.

Sandia National Laboratories hosted a workshop on August 11, 2017 entitled "Research Directions for Cyber Experimentation," which focused on identifying and addressing research gaps within the field of cyber experimentation , particularly emulation testbeds . This report mainly documents the discussion toward the end of the workshop, which included research gaps such as developing a sustainable research infrastructure, exp anding cyber experimentation, and making the field more accessible to subject matter experts who may not have a background in computer science . Other gaps include methodologies for rigorous experimentation, validation, and uncertainty quantification, which , if addressed, also have the potential to bridge the gap between cyber experimentation and cyber engineering. Workshop attendees presented various ways to overcome these research gaps, however the main conclusion for overcoming these gaps is better commun ication through increased workshops, conferences, email lists, and slack chann els, among other opportunities.

Tarman, Thomas D.

Abstract not provided.

Carroll, Malcolm; Tarman, Thomas D.

Qubits demonstrated using GaAs double quantum dots (DQD). The qubit basis states are the (1) singlet and (2) triplet stationary states. Long spin decoherence times in silicon spurs translation of GaAs qubit in to silicon. In the near term the goals are: (1) Develop surface gate enhancement mode double quantum dots (MOS & strained-Si/SiGe) to demonstrate few electrons and spin read-out and to examine impurity doped quantum-dots as an alternative architecture; (2) Use mobility, C-V, ESR, quantum dot performance & modeling to feedback and improve upon processing, this includes development of atomic precision fabrication at SNL; (3) Examine integrated electronics approaches to RF-SET; (4) Use combinations of numerical packages for multi-scale simulation of quantum dot systems (NEMO3D, EMT, TCAD, SPICE); and (5) Continue micro-architecture evaluation for different device and transport architectures.

Tarman, Thomas D.; Carroll, Malcolm; Blain, Matthew G.; Landahl, Andrew J.

Abstract not provided.

Tarman, Thomas D.; McDonald, Michael J.; Burton, David; Onunkwo, Uzoma O.; Urias, Vincent U.

Abstract not provided.