Project Status Report Period: July 26, 2012 - end of project I. Major accomplishments We expanded the requirements of one of the scenarios, specifically the one in which there is a claim of illicit downloading of intellectual property. We detailed the attribution requirements and the high-level design of how these attribute values might be captured and recorded in the GENI infrastructure. We noted that the level of detail might impact the performance of certain aspects of GENI. We then implemented a simple framework consisting of a sample attribute server and clients on Emulab. A. Milestones achieved Attrib: S4.a -- Use cases for the GENI Attribution Framework (Scenarios, done) Attrib: S4.b -- Requirements for the GENI Attribution Framework (RIAA/MPAA takedown, done) Attrib: S4.c -- Design of the GENI Attribution Framework (done) Attrib: S4.d -- Implement portions of the framework (attribution server, clients done) B. Deliverables made None this reporting period II. Description of work performed during last quarter A. Activities and findings Matt Bishop has collaborated with non-GENI colleagues on a paper extending the work done earlier to include thoughts on metrics for resilience, which is relevant to the Attribution in GENI project because it studies how to measure resilience, and indeed what resilience is. This paper is an extension of the one presented at EICAR (see last quarter's report), and will be presented at the First Workshop on Anti-Malware Testing Research. He and Carrie Gates also collaborated on a paper examining how files and content were copied and moved about a file system and network as people created, read, and modified the file. In order to do this, many file attributes (such as creator, owner, size, time of access and modification) are critical. This can be used to detect information leakage, or (more critically for experimenters) unauthorized alteration. The combination of the applicability of this research to experimentation, and its need for attribution of actions and modifications, make it relevant to this GENI project. Preliminary results were presented at the New Security Paradigms Workshop. B. Project participants Matt Bishop, University of California at Davis Mina Doroud, University of California at Davis Teng Wang, University of California at Davis Jeffrey Hunker, Jeffrey Hunker Associates Carrie Gates, CA Technologies C. Publications (individual and organizational) * S. Peisert, E. Talbot, and M. Bishop, "Turtles All The Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems," Proceedings of the 2012 New Security Paradigms Workshop (Sep. 2012). D. Outreach activities Matt Bishop presented a talk on the insider problem, of which attribution is a key part, at the Seventh International Workshop on Security in Fukuoka, Japan. He also obtained a CC-NIE grant from NSF to UC Davis to enhance the campus research infrastructure, a key part of which will be enhancing the capabilities of the campus to interface with GENI in general and provide support for the GENI rack that is planned in 2013. He presented a talk on the planned Science DMZ at the CENIC workshop in early 2013. Carrie Gates is serving as one of the organizers of the LASER 2013 workshop, and Matt Bishop is a member of the program committee. This workshop follows the first LASER 2012 workshop. The goal of this workshop ("Learning from Authoritative Security Experiment Results") is to discuss experimental methodologies, especially those that led to unexpected results, in experimental (cyber) security research, encouraging people to share not only what works, but also what doesn't. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure. The workshop will focus on research with a valid hypothesis and reproducible experimental methodology, but that produced unexpected results or that did not validate the hypotheses. Also of interest are methodologies that address difficult and/or unexpected issues, or that identify previously unsuspected confounding issues. E. Collaborations We have been collaborating closely with the Hive Mind project (project number 1792) on its infrastructure. The goal of both projects is to provide a basis for the Attribution Framework to use the infrastructure that the Hive Mind has been developing, and to implement the framework in a way that minimizes the burden of gathering attributes, specifically using the "digital ants" to do so. The design is still under way. F. Other Contributions N/A