Learning from Authoritative Security Experiment Results
Methodological Issues with IoT Experimentation
With the emergence of interconnected devices and services in the society, Internet of Things (IoT) experimentation and evaluation present new challenges and opportunities in the development and deployment of IoT solutions. This panel will focus specifically on the methodological issues of designing and conducting scientifically sound security experiments of IoT solutions. Security experts will share their research and experience and address relevant issues of IoT experimentation, such as computing resources, mathematical modelling, architectural design, and experimental environment.
Ryan Goodfellow is a computer scientist at USC/ISI and a senior developer on the Deter network testbed. His primary research focus is on creating experiments in the CPS space and developing testbed technologies that can support such experimentation - with a focus on capturing transcendental cyber-physical behavior that is unique to this space at the modeling, execution and analysis phases of experimentation. His work in this area includes mechanisms to accommodate ICT/IoT type devices and their communications protocols within the Deter network testbed, advanced physical system simulation algorithms that integrate nicely with network testbed environments, the development of modeling languages capable of expanding the purview of a network testbed into other domains and, creating large scale integrated models of power grid and Internet infrastructure.
Gabriela Ciocarlie is the program manager of SRI’s New York City research hub focused on cyberanalytics, working at the intersection of cybersecurity and data analytics. Her expertise is in anomaly detection, distributed alert correlation, network and application level security, cyber physical systems security and distributed system security. Ciocarlie is a principal investigator for the Defense Advanced Research Projects Agency's Transparent Computing program. She also focuses on security and privacy mechanisms for the Internet of Things, as part of the Internet of Things Security and Privacy Center. She has been a principal investigator on multiple commercial and Department of Homeland Security projects focusing on performance degradation detection and causal analysis for mobile broadband networks, anomaly detection for industrial control systems, cyber insurance and accountable clouds. Prior to joining SRI, Ciocarlie was a senior security research engineer at Real-Time Innovations where she worked on new security models for large-scale distributed systems with real-time and quality-of-service requirements. She has published more than 20 papers and holds multiple U.S. patents in the field of cyber security. Ciocarlie holds a Ph.D. and an M.S. in computer science from Columbia University, and a B.Eng. in computer engineering from Polytechnic University of Bucharest.
Tim Polk currently leads the National Institute of Standards and Technology’s efforts to enhance resiliency against botnets and other automated, distributed threats. Tim joined NIST in 1982, and has focused on security since 1989. In his standards work, Tim contributed to the development of numerous Internet Engineering Task Force (IETF) public key infrastructure (PKI) standards as an author, reviewer, and as co-chair of the IETF's Public Key Infrastructure using X.509 (PKIX) working group. Tim also served four years on the IETF's Internet Engineering Steering Group (IESG) as one of two Area Directors for Security, where he was responsible for the operations of seven working groups and reviewed the security aspects of every candidate RFC submitted for official publication. As one of the authors of FIPS 201, Personal Identity Verification, Tim helped realize the government-wide identity credentials envisioned by HSPD-12. Tim joined the Office of Science and Technology Policy in 2012, where he served as Assistant Director for Cybersecurity until April 2017. Since returning to NIST, Tim has split his time between the National Cybersecurity Center of excellence (NCCoE) and Commerce Department’s work. Tim is also co-author of the book “Planning for PKI”. He has degrees in Computer Science and Electrical Engineering from University of Maryland.
Moderator: Fanny Lalonde Lévesque, Ecole Polytechnique de Montreal