GGrantIndex
← Search

EAGER: A Framework For Economical Cyber Security Inspection and Assurance

$300,000FY2019CSENSF

Ohio State University, The, Columbus OH

Investigators

Abstract

This project seeks to develop and apply smart inspection methods to keep the costs of cyber security low, while ensuring the security of scientific results. Many other industries use statistical sampling and sequential inspection methods for quality assurance. Yet, at present much of cyber security relies on attempted inspection of either 100% of items of a given type (such as top priority domain name server logs) or 0% (such as many types of possible hardware inspections). Working across two major universities, Ohio State University and the University of Wisconsin, the project develops new inspection methods, tailored to cyber security objectives. Specific objectives relate to hardware, cyber software vulnerabilities, log inspection, and emergency management and related scientific research. The project explores the usefulness of these new methods to senior quality professionals to support widespread adoption. By working smarter and not harder, scientists using this approach can feel more confident that their results are trustworthy, and, at the same time, the cost curve can be bent so that research can remain cost-competitive. Specifically, the project models security metrics probabilistically and develops patterns of testing to estimate these metrics. The research addresses a variety of domains and cyber security challenges: (1) supercomputing log and hardware inspections, (2) ordinary department vulnerability sampling and estimation and improved logging and sampling (focusing on scientific infrastructure), (3) highly resourced department stratified sampling hardware, improved vulnerability decision-making, and strategic log generation and sampling, and (4) the UW Emergency Management system center. Metrics from attack-defend and standard quality assurance will be explored and serve as validation outputs for the techniques. This project seeks to meet the vital security needs by formulating an assurance framework that adapts and extends existing methods in quality control and assurance to the cyber domain. The assurance framework offers many advantages: it can address sequential decision-making, it can seek solutions that are robust to uncertain data, and it balances cost with threat reduction. The inspection methods to be studied include Multiple Complete Inspection & Inspector Inspection, Attempted 100% Inspection with Optimal Supplementation, Stratified Sampling, Sequential Sampling, and Optimal Multi-Fidelity Inspection. In each case, operating characteristic curves and other estimates of system integrity will be developed and applied. A key and unique element of the proposed approach is the combination of multiple inspection methods, including new methods, to provide a comprehensive framework for cost-effectively enhancing integrity. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →
EAGER: A Framework For Economical Cyber Security Inspection and Assurance · GrantIndex