Cybersecurity needs to move its focus from protecting the network to protecting the tasks to be accomplished, say USC Viterbi School of Engineering specialists who are now working on a dynamic approach to protect crucial computer operations.
Gil, the principal investigator of the Interactive Knowledge Capture group at USC Viterbi's Information Sciences Institute, has specialized for years in analyzing “workflows,” the complex ways information moves through diverse systems, looking for ways to improve the flow and the final output product.
Now she is directing a four-year project funded by the Air Force Office of Scientific Research that aims to use insights from this work to keep crucial military and other systems running while under cyber attack. The idea is “nimble task allocation” or enabling immediate response to possible intrusions without totally shutting or slowing down critical operations.
“A key desired capability is to be able to accomplish a mission even while the network is compromised and subject to deception,” Gil said.
Traditional cybersecurity methods have focused on reacting to attacks, using specific defenses developed by analyzing past attacks, Gil said.
The new “Workflow Reasoning for Mission-Centered Network Models” approach being developed by Gil’s team will attempt to supplement such defensive methods with an approach that finds ways for a system to perform its needed functions even if it has been compromised.
The basic idea is to be able to shuffle components flexibly and quickly so work can go around the infected areas. The ability to do so comes from using recently developed workflow management techniques.
“Network models lack a representation of tasks to be accomplished," the proposal said, "and of how network resources are assigned to accomplish various steps of the mission. In this project, we will develop a general framework for representing models of goals and tasks, and to exploit those models to make a mission more robust to deception operations co-occurring in the network.”
Existing network models, Gil explains, have two levels — physical and logica l— which correspond to hardware and programming. The workflow idea adds a third level of understanding of tasks and goals to create “mission-centered network models" (MCNMs). These create maps of activity showing what resources are working on what goals and can also provide alternative allocations to accomplish the same tasks and goals.
The response is two-fold. First, the work continues because the mission can be protected from ongoing intrusion and deception activities by dynamically reallocating resources as they become compromised. Second, the same system performs forensic functions, permitting instant analysis of what went wrong, and how.
In addition to protection against malicious attack, the group believes that MCNMs will also allow better planning and more efficient use of resources in routine operations.
The new project grows directly out of a long focus by Gil and colleagues on a "meta" view of computer science operations focused on the way in which software components interoperate, and how they achieve their results. The aim is find ways to use computer techniques — particularly artificial intelligence reasoning — to make workflows faster, more efficient and more accurate.
Gil and colleagues have been specializing in workflows for scientific data analysis for many years. Gil presented a review paper in 2009 on “From Data to Knowledge to Discoveries: Scientific Workflows and Artificial Intelligence.”
She also co-chaired a special National Science Foundation workshop on The Challenges of Scientific Workflows and her group has won funding for such recent projects as “Towards Shared Repositories of Computational Workflows,” “Workflows for Assessing Student Learning,” “Designing Scientific Software One Workflow at a Time” and “Scalable Knowledge Discovery Through Grid Workflows”