ECS 289M: Attack Analysis (Spring 2011)

ECS 289M: Insider Threats and Attacks on Critical Systems (Spring 2011)

Basic Course Details:

Instructor: Professor Sean Peisert

Email: peisert@cs.ucdavis.edu
Office Location: 2111 Watershed (directions)
Office Hours: Tu/Th 10:45a--11:45a, or by appointment

Meeting place and time:
- Tu/Th 4:40p-6:00p (110 Hunt)
- No class on Tuesday, May 24 or Thursday, May 26 (Oakland conference)
CRN: 30960
Prereqs: ECS 150, 153, 235A, or permission of instructor.
Concept: We will discuss concepts and papers at each class session. Students will volunteer (or be volunteered) to rotate presenting papers to the class. Over the course of the quarter, students will gather ideas to do a course project, which will be due in lieu of a final exam on the last day of class.
This course builds on a related course in 2010 but focuses less on tools and techniques and more on specific types of attacks to analyze, including insider threats and critical systems.
Grading:
- Project/Homework: 60% of final grade
- Paper presentation: 20% of final grade
- General class participation: 20% of final grade

Course Outline and Reading (Rough)

Discussion Date	Topic/Theme/Papers
Tuesday, March 29	Intro to the Class and a Case Study no reading yet
Thursday, March 31	Insider Threats Guest Speaker: Matt Bishop, UC Davis
Tuesday, April 5	Insider Threats Christian W. Probst, Jeffrey Hunker, Matt Bishop, and Dieter Gollmann, Countering Insider Threats (Dagstuhl Seminar Proceedings), 2008. Matt Bishop, Lizzie Coles-Kemp, Dieter Gollmann, Jeffrey Hunker, and Christian W. Probst, Insider Threats: Strategies for Prevention, Mitigation, and Response (Dagstuhl Seminar Proceedings), 2010.
Thursday, April 7	Insider Threats Matt Bishop, Sophie Engle, Deborah A. Frincke, Carrie Gates, Frank L. Greitzer, Sean Peisert, and Sean Whalen, "A Risk Management Approach to the 'Insider Threat,'" Insider Threats in Cyber Security, pp. 115–138, Springer Verlag, 2010. Frank L. Greitzer and Deborah A. Frincke, "Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation," Insider Threats in Cyber Security, pp. 85–113, Springer Verlag, 2010.
Tuesday, April 12 3:10pm	Insider Threats Lizzie Coles-Kemp and Marianthi Theoharidou, "Insider Threat and Information Security Management," Insider Threats in Cyber Security, pp. 45–71, Springer Verlag, 2010. A. Beautement, M. A. Sasse, and M. Wonham, "The compliance budget: Managing security behaviour in organisations," Proc. of NSPW 2008.
Thursday, April 14 4:40pm	Control Systems R. Krishnan, "Meters of Tomorrow," IEEE Power and Energy Magazine, pp. 92-94, Mar. 2008. A. Ipakchi and F. Albuyeh, "Grid of the future", IEEE Power and Energy Magazine, pp. 52-62, Mar. 2009. H. Khurana, M. Hadley, N. Lu, and D.A. Frincke, "Smart-Grid Security Issues," IEEE Security & Privacy Magazine, 8(1):81–85, 2010.
Tuesday, April 19 3:10pm	Control Systems M.D. Ilic, et al., "From hierarchical to open access electric power systems," Proceedings of the IEEE, 95(5):1060–1084, 2007. The Smart Grid Interoperability Panel Cyber Security Working Group, Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security, Sept. 2010. Sections: 3.1–3.3, 3.7–3.25 (skim!) Further reading: L. D. Kannberg, M. C. Kintner-Meyer, D. P. Chassin, R. G. Pratt, J. G. DeSteese, L. A. Schienbein, S. G. Hauser, W. M. Warwick, "GridWise: The Benefits of a Transformed Energy System," p. 25, Nov. 2003. Pacific Northwest National Laboratory under contract with the United States Department of Energy. S. Massoud Amin, "Securing the Electricity Grid," The Bridge, 40(1), 2010.
Thursday, April 21 3:10pm	Critical Systems Guest Speaker: Christian Kreibich, ICSI
Tuesday, April 26 3:10pm	Control Systems Symantec, "W32.Stuxnet Dossier (v.1.4)," February 2011.
Thursday, April 28 4:40pm	Control Systems D. Salmon, M. Zeller, A. Guzman, V. Mynam, and M. Donolo, "Mitigating the Aurora Vulnerability With Existing Technology," Tech report, Schweitzer Engineering Lab, 2009. M. Zeller, "Myth or Reality – Does the Aurora Vulnerability Pose a Risk to My Generator?" Tech report, Schweitzer Engineering Laboratories, Inc., 2010. R. S. Boyer, M. W. Green and J S. Moore, "The Use of a Formal Simulator to Verify a Simple Real Time Control Program," Beauty is Our Business, Springer-Verlag, 1990, pp. 54-66.
Tuesday, May 3 3:10pm	Control Systems Guest Speaker: Charles McParland, Berkeley Lab
Thursday, May 5 3:10pm	Critical Systems Guest Speaker: Ed Talbot, Sandia National Laboratories
Tuesday, May 10 3:10pm	Control Systems M. Pipattanasomporn, H. Feroze, S. Rahman, "Multi-Agent Systems in a Distributed Smart Grid: Design and Implementation," Proc. IEEE PES 2009 Power Systems Conference and Exposition, Mar. 2009. R. Anderson and S. Fuloria, "Who controls the off switch?" Proc. of IEEE SmartGridComm, October 2010. R. Anderson and S. Fuloria, "On the security economics of electricity metering," Proc. of WEIS, 2010. Further reading: H. Qi, W. Zhang, L. M. Tolbert, "A resilient real-time agent-based system for a reconfigurable power grid," Proc of the 13th International Conference on Intelligent Systems Application to Power Systems, Nov. 6-10, 2005. M. Chen, C. Nolan, X. Wang, S. Adhikari, F. Li, H. Qi, "Hierarchical utilization control for real-time and resilient power grid," Proc of the 21st Euromicro Conference on Real-Time Systems (ECRTS), 2009. Stephane Caron, George Kesidis, "Incentive-based Energy Consumption Scheduling Algorithms for the Smart Grid," 1st IEEE SmartGridComm 2010, October 2010 H. Qi, L. Tolbert, F. Li, X. Wang, K. Tomsovic, F. Z. Peng, P. Ning, M. Amin, "Securing the power grid with collaborative embedded intelligence," Proc. of the Workshop on New Research Directions for Future Cyber-Physical Energy Systems, June 2009.
Thursday, May 12 3:10pm	Control Systems Guest Speaker: Steven Templeton, UC Davis
Tuesday, May 17 3:10pm	Control Systems T. Denning, A. Borning, B. Friedman, B.T. Gill, T. Kohno, and W.H. Maisel, "Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices," Proc. of CHI, 2010. W.H. Maisel and T. Kohno, "Improving the Security and Privacy of Implantable Medical Devices," New England Journal of Medicine, 362(13), April 2010. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, "Experimental Security Analysis of a Modern Automobile," Proc. of IEEE Security & Privacy, Oakland, May 2010. H. K. Prasad, J. A. Halderman, R. Gonggrijp, S. Wolchok, E. Wustrow, A. Kankipati, S. K. Sakhamuri, V. Yagati, "Security Analysis of India's Electronic Voting Machines," Proc. of ACM CCS, 2010.
Thursday, May 19 3:10pm	Red Teaming, Data Sanitization & Critical Systems Guest Speaker: Matt Bishop, UC Davis
Tuesday, May 24	*No Class: Oakland Conference*
Thursday, May 26	*No Class: Oakland Conference & GGCS Spring Research Forum*
Tuesday, May 31 3:10pm	Student Presentations
Thursday, June 2 3:10pm	Student Presentations

Project/Homework

Details TBA.