Cybersecurity Core Curricula Development N.C. State will develop, document, and deliver course materials for institutions wishing to educate and prepare Cybersecurity graduates to meet the workforce needs of the Federal government and industry, in support of the Cybersecurity National Action Plan. This curriculum addresses key elements of the identified knowledge, skill, and ability areas. Individual courses will be modularized and packaged for use by others, including syllabi, teaching materials, readings, and fully documented, hands-on student exercises. A course roadmap will be presented, along with a means for prospective students to self-assess their needs. An educator's workshop will be organized to train teachers in the use of these materials.

Human-system interactions is an integral part of any system. Because the vast majority of ordinary users have limited technical knowledge and can easily be confused and/or worn out by repeated security notifications/questions, the quality of users? decisions tends to be very low. On the other hand, any system targeting end-users must have the flexibility to accommodate a wide spectrum of different users, and therefore needs to get the full range of users involved in the decision making loop. This dilemma between fallible human nature and inevitable human decision making is one main challenge to the goal of improving security. In this project, we aim at developing principles and mechanisms for usable risk communication and control. The major technical innovations include (1) multi-granularity risk communications; (2) relative risk information in the context of comparison with alternatives; (3) Discover and integrate risk information from multiple sources; (4) Expand opportunities for risk communication and control.

DO6 Cyber

LAS DO 5 Reeves TO 5.7

Situation Awareness (SA) is a process highly dependent on the analyst or operator who is attempting to defend either a physical attack (e.g., missile attack) or a cyber attack. That is, SA is ultimately a mental process of human beings. In this project we will develop an integrated end-to-end (spanning the whole ?life cycle?) cyber SA solution to fill the gap between machine information processing and analysts? mental processes. Our bridging innovations include adding the bridges or ?missing links? between the analysts? mental processes and existing machine level attack/intrusion analysis tools; between human-comprehensible situation representation and algorithmic data structures; between brainside decision making and machine-side data aggregation; and between uncertainty/risk management and largely deterministic machine state transitions. In sum, our solution adds the new algorithms and techniques that are needed for the machine SA system to work in concert with the human SA system. Our solution also integrates situation recognition, impact assessment, causality analysis, trend analysis, and assessment of system assurance The NCSU participants will focus on the development of multi-level information fusion in the cyber world, VM-based automated vulnerability diagnosis of unknown cyber vulnerabilities, and application of video game technology to bridge the gap between the cyber and the human worlds.

Android smartphones have grown in market share and have penetrated all corners of the market, including US Government and, in particular, DoD. The ecosystem of the Android App marketplace while encouraging creativity also has lax standards. Recent work by Aiken's group shows that it is possible to use static analysis techniques to identify vulnerabilities due to abuse of {\em permissions} afforded to the software app, by the user, but with potential for false positives and attendant necessity for manual analysis. In this preliminary investigation, we propose to investigate a run time monitor that could be used in combination with static analysis to enforce strict permission policies. The particular research questions we will consider are: x Design of a language for expressing positive (shall) and negative (should not) permission x Algorithms for instrumenting application code that would be used to maintain invariants implied by the permission policies set by the user x Algorithms for instrumenting application code to collect trace data that could be mined later for surreptitious violations of security policies, and algorithms for deleting applications automatically when policies are violated. The three parts of the research proposal, when taken together, correspond to traditional law enforcement strategies -- setting of the law, monitoring for compliance, and imposition of penalty when laws are broken. While the ultimate goal is to validate the proposed work in the context of the Android market place, the proposed preliminary investigation will be theoretical in nature.

NCSU through the SAS GA will provide research and analysis to SAS as set forth in this Agreement. Such research and analysis shall include, but is not limited to, research, generation, testing, and documentation of operations research software. SAS GA will provide such services for SAS' offices in Cary, North Carolina, at such times as have been mutually agreed upon by the parties.

NCSU through the SAS GA will provide research and analysis to SAS as set forth in this Agreement. Such research and analysis shall include, but is not limited to, research, generation, testing, and documentation of operations research software. SAS GA will provide such services for SAS' offices in Cary, North Carolina, at such times as have been mutually agreed upon by the parties.

"NC State University (NCSU), through the graduate industrial traineeship (GIT) student, will provide research and analysis to SAS. Such research and analysis shall include, but is not limited to, research, generation, testing and documentation of operation research software. GIT student will provide such services for SAS' offices in Cary, North Carolina, at such times as have been mutually agreed upon by the parties. GIT student agrees to abide by SAS' policies and procedures regarding security of SAS' facilities and computing resources."

NC State University (NCSU), through the graduate industrial traineeship (GIT) student, will provide research and analysis to SAS. Such research and analysis shall include, but is not limited to, research, generation, testing and documentation of operation research software. GIT student will provide such services for SAS' offices in Cary, North Carolina, at such times as have been mutually agreed upon by the parties. GIT student agrees to abide by SAS' policies and procedures regarding security of SAS' facilities and computing resources