EAGER: SaTC: Early-Stage Interdisciplinary Collaboration: Collaborative: A Sociotechnical Metrics Framework for Network and Security Operations Centers

EAGER：SaTC：早期跨学科协作：协作：网络和安全运营中心的社会技术指标框架

• 批准号: 1915824
• 负责人: Alexandru Bardas
• 金额: $ 15万
• 依托单位: University of Kansas Center for Research Inc
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-06-01 至 2022-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1915824&HistoricalAwards=false
• 关键词: EAGER; SaTC; Early; Stage; Interdisciplinary

Network and Security Operations Centers (SOCs) are central components of modern enterprise networks. SOCs manage network operations, defend against cyber threats, and maintain regulatory compliance. Typically, management and SOC operators use monitoring software and metrics, such as open and closed tickets, to manage SOC efficiency. These metrics may fail to represent the real effectiveness of the SOC and the security posture of the network. This project will study how improved metrics could better incentivize productive routines, reveal potentially fundamental security vulnerabilities in the network, and trigger stabilizing right-sizing processes in the controlling organization. The project will afford an opportunity for students to participate in research on security operations and thereby encourage careers in security research or professions.This project will develop a new metrics framework that measures and validates SOC performance against enterprise network security. The specific goal is to create a framework that SOCs and parent organization personnel could use to create tailored metrics for their unique security environment. The research includes a technical study of network monitoring, as well as a qualitative approach to the study of organizational environments that analyzes people and technological artifacts as interacting components in complex systems and describes stability and change in the functioning or mis-functioning of these systems. By treating networks, security components, and operations staff as part of an interdependent system, the metrics will be able to account for factors such as outstanding security vulnerabilities, strategic and long-term planning, and constituency interests, and will provide on-the-ground SOC analysts with ways to input local knowledge into higher-up decisions.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络和安全运营中心（SOC）是现代企业网络的核心组件。SOC管理网络运营，防御网络威胁，并保持合规性。通常，管理层和SOC运营商使用监控软件和指标（如打开和关闭的票证）来管理SOC效率。这些度量可能无法表示SOC的真实的有效性和网络的安全态势。该项目将研究改进的指标如何更好地激励生产例程，揭示网络中潜在的基本安全漏洞，并在控制组织中触发稳定的合理规模流程。该项目将为学生提供参与安全运营研究的机会，从而鼓励安全研究或专业的职业生涯。该项目将开发一个新的度量框架，用于测量和验证SOC针对企业网络安全的性能。具体目标是创建一个框架，SOC和上级组织人员可以使用该框架为其独特的安全环境创建量身定制的指标。该研究包括网络监控的技术研究，以及对组织环境研究的定性方法，该方法将人员和技术工件作为复杂系统中的交互组件进行分析，并描述这些系统的功能或故障的稳定性和变化。通过将网络、安全组件和运营人员视为相互依赖的系统的一部分，这些指标将能够考虑诸如突出的安全漏洞、战略和长期规划以及选区利益等因素，并将为实地SOC分析师提供将当地知识输入更高层次的方法，决定。该奖项反映了NSF的法定使命，并且通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users

• DOI: 10.1145/3372297.3423346
• 发表时间: 2020-10
• 期刊: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Kailani R. Jones;T. Yen;S. C. Sundaramurthy;Alexandru G. Bardas

Defensive Technology Use by Political Activists During the Sudanese Revolution

苏丹革命期间政治活动家使用防御技术

• DOI: 10.1109/sp40001.2021.00055
• 发表时间: 2021
• 期刊: Proceedings of the IEEE Symposium on Security and Privacy
• 作者: Daffalla, Alaa;Simko, Lucy;Kohno, Tadayoshi;Bardas, Alexandru G
• 通讯作者: Bardas, Alexandru G