Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities

As part of its “Annual Challenge” in 2023, Trusted CI has been engaging with current and future NSF Major Facilities undergoing design or construction with the goal of building security into those Facilities from the outset.  To date, this effort has focused on working with cyberinfrastructure operators in the the academic maritime domain, and has included support of the cybersecurity aspects of the acceptance testing process of the NSF-funded Research Class Research Vessels (RCRVs) at Oregon State University as well as Scripps Institution of Oceanography’s design of the California Coastal Research Vessel (CCRV).  These vessels are all expected to eventually become a part of the U.S. Academic Research Fleet (ARF).

In 2022, Trusted CI studied cybersecurity issues in operational technology (OT) in science and produced a roadmap to help lead to greater security of such systems, and thus Trusted CI’s efforts with security by design of Major Facilities this year are seeking to both refine and apply OT insights gained previously.  The U.S. Antarctic Program (USAP)’s design of the Antarctic Research Vessel (ARV) has also been contributing to Trusted CI’s understanding of cybersecurity issues in operational technology  Trusted CI has also benefited from insights from numerous conversations with domain experts in the academic maritime domain across a variety of ARF institutions, including IT personnel, marine technicians, oceanographers, ship captains, project leadership, and NSF Program Managers.

One of the highlights of this year's security-by-design efforts has been site visits to ships and facilities. The team has made site visits to the R/V Sally Ride and Oregon State University’s Hatfield Marine Science Center in Newport, Oregon, where the R/V Taani — one of the initial three RCRVs being constructed — will be based upon completion of its construction.  These in-person visits, including extensive discussion with personnel involved with the facilities, have provided invaluable insight to supporting Trusted CI’s efforts.

In the second half of 2023, Trusted CI will continue working on security by design with the aforementioned organizations and will also be working with the NSF Ocean Observatories Initiative (OOI) Major Facility, which is in the process of planning a refresh of its autonomous underwater vehicle (AUD) and glider fleets.

Recent site visit photographs:

Trusted CI’s Sean Peisert, left, in a crawlspace on the R/V Sally Ride examining operational technology systems.

The R/V Sally Ride, docked in Alameda, CA.

Trusted CI’s Dan Arnold, left, conferring with marine technicians on the R/V Sally Ride.

Trusted CI’s John Zage, left, looks on as RCRV’s Chris Romsos, right, explains some of the scientific instruments that will be part of the newly constructed ships at the RCRV’s offices at OSU, Corvallis, OR.

Trusted CI’s John Zage left, and RCRV’s Chris Romsos, right, view part of the expansive warehouse of items and gear to outfit the new ships under construction. OSU, Corvallis, OR.  

Trusted CI releases updated guide to software security

As part of its ongoing efforts to support software assurance, Trusted CI has released a major update (version 2.0) of our Guide to Securing Scientific Software.

The first version of this guide provided concrete advice for anyone involved in developing or managing software for scientific projects. This new version of the guide expands both coverage and depth of the topics. This guide provides an understanding of many of the security issues faced when producing software and actionable advice on how to deal with these issues. New topics include approaches to avoiding software exploits (injection attacks, buffer overflows and overruns, numeric errors, exceptions, serialization, directory traversal, improper set of permissions, and web security); securing the software supply chain; secure design; software analysis tools; fuzz testing; and code auditing.

The new version of the guide is available at https://doi.org/10.5281/zenodo.8137009.

If you write code, this guide is for you. And if you write scientific software, your software is likely to be shared or deployed as a service. Once that step happens, you and the people who use or deploy your software, will be confronted with software security concerns.

To address these concerns, you will need a variety of skills. However, it may be daunting just to know what are the concerns to address and what are the skills that you need. The goal of this guide is to provide an introduction to these topics.

You can read this guide beginning-to-end as a tutorial to introduce you to the topic of secure software development, or you can read it selectively to help understand specific issues. In either case, this guide will introduce you to a variety of topics and then provide you with a list of resources to dive deeper into those topics.

It is our hope that our continued efforts in the area of software assurance will help scientific software projects better understand and ameliorate some of the most important gaps in the security of scientific software, and also to help policymakers understand those gaps so they can better understand the need for committing resources to improving the state of scientific software security. Ultimately, we hope that this effort will support scientific discovery itself by shedding light on the risks to science incurred in creating and using software.

Trusted CI releases a new report on ransomware

As part of its ongoing efforts to support software assurance, Trusted CI has released a new report describing the current landscape of ransomware.

Ransomware has become a global problem, striking almost every sector that uses computers, from industry to academia to government.

Given that ransomware is a global problem, striking almost every sector that uses computers, from industry to academia to government, our report takes a detailed technical approach to understanding ransomware. Ransomware attacks affect the smallest businesses, the largest corporations, research labs, and have even shut down IT operations at entire universities.

We present a broad landscape of how ransomware can affect a computer system and suggest how the system designer and operator might prepare to recover from such an attack. In our report we are focused on detection, recovery, and resilience. As such, we are explicitly not discussing how the ransomware might enter a computer system. The assumption is that systems will be successfully attacked and rendered inoperative to some extent. Therefore, it is essential to have a recovery and continuity of operations strategy.

Some of the ransomware scenarios that we describe reflect attacks that are common and well understood. Many of these scenarios have active attacks in the wild. Other scenarios are less common and do not appear to have any active attacks. In many ways, these less common scenarios are the most interesting ones as they pose an opportunity to build defenses ahead of attacks. Such areas need more research into the possible threats and defenses against these threats.

We start with a discussion of the basic attack goals of ransomware and distinguish ransomware from purely malicious vandalism. We present a canonical model of a computing system, representing the key components of the system such as user processes, the file system, and the firmware. We also include representative external components such as database servers, storage servers, and backup systems. This system model then forms the basis of our discussion on specific attacks.

We then use the system model to methodically discuss ways in which ransomware can (and sometimes cannot) attack each component of the system that we identified. For each attack scenario, we describe how the system might be subverted, the ransom act, the impact on operations, difficulty of accomplishing the attack, the cost to recover, the ease of detection of the attack, and frequency in which the attack is found in the wild. We also describe strategies that could be used to detect these attacks and recover from them.

Based on our study, we present our major takeaway observations and best practices that can help make a system more resilient to attack and easier to recover after an attack. Our report is available at https://doi.org/10.5281/zenodo.8140464.

Trusted CI Webinar: The Technical Landscape of Ransomware: Threat Models and Defense Models, July 17th@11am EST

Members of Trusted CI are presenting the talk, The Technical Landscape of Ransomware:  Threat Models and Defense Models, July 17th at 11am (Eastern).

Please register here.

Ransomware has become a global problem.  Given the reality that ransomware will eventually strike your system, we focus on recovery and not on prevention.  The assumption is that the attacker did enter the system and rendered it inoperative to some extent.

We start by presenting the broad landscape of how ransomware can affect a computer system, suggesting how the IT manager, system designer, and operator might prepare to recover from such an attack.

We show the ways in which ransomware can (and sometimes cannot) attack each component of the systems. For each attack scenario, we describe how the system might be subverted, the ransom act, the impact on operations, difficulty of accomplishing the attack, the cost to recover, the ease of detection of the attack, and frequency in which the attack is found in the wild (if at all). We also describe strategies that could be used to recover from these attacks.

Some of the ransomware scenarios that we describe reflect attacks that are common and well understood. Many of these scenarios have active attacks in the wild. Other scenarios are less common and do not appear to have any active attacks. In many ways, these less common scenarios are the most interesting ones as they pose an opportunity to build defenses ahead of attacks.

Speaker Bios:

Barton Miller is the Vilas Distinguished Achievement Professor and the Amar & Belinder Sohi Professor in Computer Sciences at the University of Wisconsin-Madison. He is a co-PI on the Trusted CI NSF Cybersecurity Center of Excellence, where he leads the software assurance effort and leads the Paradyn Tools project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. His research interests include software security, in-depth vulnerability assessment, binary and malicious code analysis and instrumentation, extreme scale systems, and parallel and distributed program measurement and debugging.  In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his then­student Prof. Jeffrey Hollingsworth) founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation”. Miller is a Fellow of the ACM and recent recipient of the Jean Claude Laprie Award for dependable computing.

Miller was the chair of the Institute for Defense Analysis Center for Computing Sciences Program Review Committee, member of the U.S. National Nuclear Safety Administration Los Alamos and Lawrence Livermore National Labs Cyber Security Review Committee (POFMR), member of the Los Alamos National Laboratory Computing, Communications and Networking Division Review Committee, and has been on the U.S. Secret Service Electronic Crimes Task Force (Chicago Area).

Elisa Heymann is a Senior Scientist on TrustedCI, the NSF Cybersecurity Center of Excellence at the University of Wisconsin-Madison, and an Associate Professor at the Autonomous University of Barcelona. She co-directs the MIST software vulnerability assessment at the Autonomous University of Barcelona, Spain.

She coordinates in-depth vulnerability assessments for NFS Trusted CI, and was also in charge of the Grid/Cloud security group at the UAB, and participated in two major Grid European Projects:  EGI-InSPIRE and European Middleware Initiative (EMI). Heymann's research interests include software security and resource management for Grid and Cloud environments. Her research is supported by the NSF, Spanish government, the European Commission, and NATO.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."