Papers by Suresh Damodaran
Proceedings of the Conference on Summer Computer Simulation, Jul 26, 2015
The speed and combinatorial nature of the evolving cyber threat demands a more flexible modeling ... more The speed and combinatorial nature of the evolving cyber threat demands a more flexible modeling and simulation (M&S) approach utilizing cyber ranges. In this paper, we provide a summary of the base-line process to conduct cyber-range events. In addition, we explain the logical range construct that allows event environments to be constructed in a location independent manner, along with its application to the various phases of cyber range events. We also describe how cyber M&S is utilized in cyber-range events, and the need for using more intelligent and autonomous simulations in the event control plane.
Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security - HotSoS '19, 2019
Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cybe... more Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. Observing the effects of these attacks is helpful in detecting them. In this paper, we show that many attacks on such systems result in a control loop effect we term Process Model Inconsistency (PMI). Our formal approach elucidates the relationships among incompleteness, incorrectness, safety, and inconsistency of process models. We show that incomplete process models lead to inconsistency. Surprisingly, inconsistency may arise even in complete and correct models. We illustrate our approach through an Automated Teller Machine (ATM) example, and describe the practical implications of the theoretical results. CCS CONCEPTS • Security and privacy → Formal security models; Embedded systems security.
ArXiv, 2016
A significant barrier to the portability of queries across di- verse physical implementations of ... more A significant barrier to the portability of queries across di- verse physical implementations of large data stores, espe- cially NoSQL data stores, is that the queries reference the physical storage attributes, such as the table and column names. In this paper, we describe a technique for embed- ding ontological expressions called Address Expressions, or A-Expressions, in NoSQL queries to improve their portability across diverse physical implementations. We discuss an implementation of such queries over a MongoDB data store of the Enron email corpus with examples, and conduct a preliminary performance assessment.
Cyber risk assessment of a Cyber-Physical System (CPS) without damaging it and without contaminat... more Cyber risk assessment of a Cyber-Physical System (CPS) without damaging it and without contaminating it with malware is an important and hard problem. Previous work developed a solution to this problem using a control component for simulating cyber effects in a CPS model to mimic a cyber attack. This paper extends the previous work by presenting an algorithm for semi-automated insertion of control components into a CPS model based on Discrete Event Systems (DEVS) formalism. We also describe how to use this algorithm to insert a control component into Live, Virtual, Constructive (LVC) environments that may have non-DEVS models, thereby extending our solution to other systems in general.
TMS/DEVS Symposium on Theory of Modeling & Simulation (TMS/DEVS 2017), 2017
Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cybe... more Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. It is not always desirable to do cyber risk assessment of such interconnected systems by cyber attacks on the entire system. This paper presents a formal approach for simulating cyber effects for cyber risk assessment of subcomponents of such systems using a control component based on Discrete EVent System (DEVS) models. Our approach first separates components of a system that may be directly attacked, from components of the system whose behavior need to be studied for the impact originating from those attacks. The cyber attack effects are simulated through interception of communications among the separated components. We define the types of cyber effects, and show an example of how an attack may be simulated with a control component through a case study.
Modeling and Simulation of Complexity in Intelligent, Adaptive and Autonomous Systems 2016 (MSCIAAS 2016) and Space Simulation for Planetary Space Exploration (SPACE 2016), 2016
We apply model based verification to cyber range event environment configurations, allowing for t... more We apply model based verification to cyber range event environment configurations, allowing for the early detection of errors in event environment configurations, and a reduction in the time and resources used during deployment. We categorize misconfiguration errors detected using the Common Cyber Environment Representation (CCER) ontology. We also provide an overview of a methodology to specify verification rules and the corresponding error messages. These rules have successfully detected errors in the designs of several cyber range event environments, thereby reducing cost and time to deployment.
The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 2019
Complex environments, such as the cyber domain, can benefit from modeling and simulation (mod/sim... more Complex environments, such as the cyber domain, can benefit from modeling and simulation (mod/sim) to understand the impact of new concepts and capabilities to cyber defense. Mod/sim techniques are particularly useful in trade-off analysis of attack and defense. 1,2 The mod/sim approach has also been used to study trade-offs between security and performance. 3 The National Institute of Standards and Technology (NIST) has developed a framework for improving critical infrastructure cybersecurity. 4 This framework clearly distinguishes among the functions for protecting the organizational missions, detecting an attack, responding to the attack, and recovering from it. The protection function bolsters the defensive posture of an organization by implementing cyber best practices. The effectiveness of the detect, respond, and recover functions, collectively called defensive operations, can be improved through cyber wargaming and exercises to reflect the organization's priorities. The assets to be protected may be cyber-physical systems, Information Technology (IT) systems, or an integrated environment containing both. Cyber wargaming and exercises also model and simulate the attacks and attackers, the defenses and the defenders, and the static and dynamic aspects of the environment based on the fidelity requirements. Recent improvements in mod/sim techniques, especially in cyber range-based experimentation and testing and evaluation, have the potential to enable the next generation of cyber defense approaches to enterprise computing systems and cyber-physical systems. In this special issue, we present three papers focused on state-of-the-art mod/sim approaches for supporting the defense of cyber systems that underpin a nation-state's critical infrastructure. Mod/sim methods provide paramount support for a wide range of cyber defensive applications, including security risk assessment, optimal cyber system defensive configuration, security versus performance versus cost trade-off analyses, and automated intrusion prevention, detection, remediation, and recovery, among others. Mod/ sim techniques draw on established modeling paradigms, such as System Dynamics,
Reliability and portability of parallel programs can be seriously affected by erroneous nondeterm... more Reliability and portability of parallel programs can be seriously affected by erroneous nondeterministic behavior of such programs. In message passing parallel programs, nondeterminism is caused by races among messages. However, some of these races may be intentional--introduced either for programming convenience, or for performance reasons. Testing and debugging such nondeterministic programs requires a significantly different approach than testing and debugging sequential programs. We present a strategy for testing and debugging message passing parallel programs, called a One-Thread-at-One-Time (OtOt) strategy, which requires a user to concentrate primarily on a single process in a testing and debugging session. The OtOt strategy can be implemented at run-time using a Controlled Execution technique. This implementation is shown to provide a debugging technique for nondeterministic message passing programs. Moreover, with an OtOt strategy, it is possible to define and implement parallel debugger actions that have similar semantics to that of common sequential debugger commands (e.g., break point, step, etc.). A testing methodology, also based on Controlled Execution, is developed for nondeterministic programs. A specification technique for intentional race conditions, called Message Expressions, is presented as a mechanism for directing the testing and debugging tools. A run-time parallel testing and debugging tool, called mdb, implements the OtOt strategy for programs written for PVM 3.x environment.
Proceedings of the SIGMETRICS symposium on Parallel and distributed tools - SPDT '96, 1996
... Our work builds upon theirs in that we base our algorithm on theirs but detect a different se... more ... Our work builds upon theirs in that we base our algorithm on theirs but detect a different set of races. Damodaran-Kamal and Francioni present a technique called con trolled execution for testing and debugging mes-sage races [6]. Their system is the first to explicitly report ...
Proceedings of the 13th international World Wide Web conference on Alternate track papers & posters - WWW Alt. '04, 2004
The practical experience of RosettaNet in using Web technologies for B2B integration illustrates ... more The practical experience of RosettaNet in using Web technologies for B2B integration illustrates the transformative power of Web technologies and also highlights challenges for the future. This paper provides an overview of RosettaNet technical standards and discusses the lessons learned from the standardization efforts, in particular, what works and what doesn't. This paper also describes the effort to increase automation of B2B software integration, and thereby to reduce cost.
Proceedings of the 1994 international symposium on Software testing and analysis - ISSTA '94, 1994
... The race testing algorithm is given in Section 4, and an example is given in Section 5. Limit... more ... The race testing algorithm is given in Section 4, and an example is given in Section 5. Limitations of the OtOt strategy in testing ... scalable to a large number of processors, through the design of the Ariadne debugger [6]. A dis-tributed debugger for the Amoeba operating system is ...
Proceedings of the Eleventh Workshop on Visualization for Cyber Security, 2014
The Visualization for Cyber Security research community (VizSec) addresses longstanding challenge... more The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. This research effort has created many tools and techniques that could be applied to improve cyber security, yet the community has not yet established unified standards for evaluating these approaches to predict their operational validity. In this paper, we survey and categorize the evaluation metrics, components, and techniques that have been utilized in the past decade of VizSec research literature. We also discuss existing methodological gaps in evaluating visualization in cyber security, and suggest potential avenues for future research in order to help establish an agenda for advancing the state-of-the-art in evaluating cyber security visualizations.
1994 International Conference on Parallel Processing Vol. 3, 1994
ABSTRACT One component of efficient object management in large multidatabase systems is efficient... more ABSTRACT One component of efficient object management in large multidatabase systems is efficient object identification. This paper defines and formalizes concepts related to decentralized object identifier assignment, and presents a model for object identification, shared access and communication in a multidatabase domain.
Proceedings of IEEE Scalable High Performance Computing Conference
... [8] S. K. Damodaran-Kamal and JM Francioni, Nondeterminacy: Testing and debugging in mes ...... more ... [8] S. K. Damodaran-Kamal and JM Francioni, Nondeterminacy: Testing and debugging in mes ... The functionality and the user interface of mdb have improved due to the comments of Bharath Nedunchelian, Tom Johnsten, Murali Kanumuru, and Archana Nambiar. References ...
ACM SIGPLAN Notices, 1993
ABSTRACT An abstract is not available.
Uploads
Papers by Suresh Damodaran