[cs615asa] Homework N: Julian Sexton

Julian Sexton jsexton at stevens.edu
Sat Apr 25 18:38:53 EDT 2015


I also attended the NIKSUN conference with Neal. I'll give an overview of
the presentation I found most interesting.

 

It was titled "Cyber Real-Time Risk Assessment and Mission Assurance", and
the speaker was Hasan Cam, from the Army Research Laboratory. Essentially,
this speaker discussed his work in developing metrics for the quantification
of risk assessment and vulnerabilities. The way they did this was
essentially by creating a score which was calculated using different ratings
on the following categories: access vectors, impact, complexity,
authentication, confidentiality, integrity, and availability. He discussed
linear and non-linear models for this equation, as well as the importance of
controllability and observability in determining this score accurately. 

For observability, in particular, he talked about the difficulties of
implementing observability with sensors around cyberphysical systems. One
such difficulty was determining the optimal number of sensors, so that data
processing was both efficient and comprehensive. Another difficulty he
mentioned was where to actually place these sensors so that the data they
gathered would be of sufficient importance as well as correct - there are
some parts of a system that are clearly more critical than others, but
deciding on which ones to place sensors is a task in itself.

I thought it was interesting to see this, because the success of this
project would make it easier to detect vulnerabilities and assess risk in
large systems based on actual data, as opposed to static analysis of code or
blueprints. One person in particular asked whether he had considered
developing a model to assess risk assessment systems such as the one he was
developing. While I can see why this question was asked, I feel that it
would be a waste of time to do so, because that would open the door for
those assessments to need assessing.  The task at hand seemed difficult
enough as is, since abstract concepts such as confidentiality and integrity
are hard enough to assess automatically. Overall I thought the presentation
was decent, but also difficult to understand because of some of the
terminology he was using, such as "non-linear cyberphysical systems" - he
wasn't very clear about what certain things meant in the context of his
work. 

 

Here's a link to the website for this workshop. 

https://www.niksun.com/workshop/2015/

 
