CSET '18 Workshop Program

Operator stress is a common, persistent, and disabling effect of cyber operations and an important risk factor for performance, safety, and employee burnout. We designed the Cyber Operations Stress Survey (COSS) as a low-cost method for studying fatigue, frustration, and cognitive workload in real-time tactical cyber operations. The combination of pre- and post-operational measures with well validated factors from the NASA Task Load Index and additional contextual factors provide a quick, easy, and valuable assessment of cognitive stress. We report on our experiences developing and fielding the survey instrument, validation, and describe the use and results of the COSS in four studies of cyber operations across the National Security Agency.

While a plethora of apparently foolproof detection techniques have been developed to cope with phishing, it remains a continuing problem with an increasing number of attacks and victims. This is due to a gap between the reported experimental detection accuracy of solutions from the academic literature and their actual effectiveness in real-world scenarios. For instance, design choices made while only considering how to maximize the accuracy of phishing detection sometimes has the unintended effect of constraining deployability or limiting usability. We hope to raise awareness about practices causing this gap and present a set of guidelines for the design and evaluation of phishing webpage detection techniques. These guidelines can improve the effectiveness of phishing detection techniques in real-world scenarios and foster technology transfer. They also facilitate unbiased comparison of evaluation results of different detection techniques.

Current testbed experiments are often ad-hoc, manual, complex and hard to repeat and reuse. We argue that this is due mostly to our current inability to capture, standardize and encode experiment behavior. We propose DEW - distributed experiment workflows. Unlike current experiment representations, which focus mostly on topology, DEW encodes experiment behavior, at both high and low level, and topological constraints, which help with realization on testbeds. We show how DEW enables easier experiment design, management, sharing and reuse and how it facilitates automated generation of topologies and runnable scripts.

New paradigms and architectures, such as Software Defined Networking (SDN), have added an unprecedented increase in the rate of research and development conducted in the field of computer networks. With this increase, there is a rising need for platforms that can enable researchers and operators to experiment with various scenarios involving performance testing, topology designs, etc. However, the available emulators fail to address fundamental needs of those research requiring fidelity.

In this work, we propose a novel approach to embed arbitrary topologies on a substrate network of programmable ToR switches using our network virtualization technique, called Bare-metal Network Virtualization(BNV). BNV is entirely software configurable and has been implemented on open source software and unmodified OpenFlow-enabled switches. The system has been deployed in a production testbed in National Cybersecurity Laboratory (NCL) for over nine months. Our evaluations show that BNV can support various data-center topologies with less number of switches which can facilitate building a high fidelity, repeatable and isolated experimentation platform for data-center, SDN and other research in computer networks.