scientific best practices cybersecurity r & d wp
TRANSCRIPT
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
1/34
!"#$%&'" )$*+,-./"&"$* 01. 2$"3..#%4
-.156$7* #% 81793+$. !$"3.#+: 2 ; D!E
F5#6/.G/"7H1.4
GF/%#$6I5#6/.
!:!"/% JKLM
!#%4/91.$
E9.#6 N.F> JKLM L
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
2/34
8:5$. @#**#1% -6/%%#%4
R9#6143$P)63$9.#%+
Q3+6#%$ 10 ?/6S
J
?=/%S* 01. =$69P
#%*9#./&1% /%F
/99.$"#/&1% +1
?=17/* !"##$%&
R.1 ()**%*)
E6$T +,-*,.
?./U#* /,,012%%0E%%/+3"4$&)
!$.4$: 5*)6"1
2$5$""/ +3)2$*,
V/*1% /%7&%*
V1%+6")*6
W$1.4 8$93%*1:$@/+$3*X ;"*9$&0
? 7/%:@,*%
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
3/34
EFF$%F37O 8/. 8EA 53* =/"S#%4
=11S 39 51/.F*>3*$ 411F?=19+$. /%F F$%#/6 10 U#$BP7/%#936/&1% 10 8EAF/*=51/.F #% N 71%+=*
NW11F?=19+$.LK 8EA )3*!1`B/.$ -/"S/4$D*$.
=a9OPP&%:3.6H"17P8/.8EAJKLN
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
4/34
Work Accomplished - Methodology
81%'.7 b%0$.$%"$*>
?$*+ 2$*91%*#U$%$**
)13%F/.: E%/6:*#* W$%$./&U$ c3XX#%481%'.7 A$B
b%0$.$%"$*
4
A*4B! C"
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
5/34
K
JK
MK
_K
dK
LKK
LJK
K JK MK _K dK LKK LJK
+2
%%0,@%6%*E%)0$&DQONRS
!)6) 5=6% P T)#"%
5
Higher Level Protocol: ID 513
engineering.dartmouth.edu
7 March 2013
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
6/34
Higher Level Protocol: ID 1056
IKHU !V( M W
X&D$&%
Y%@2Z0,@%6%*
5)[%*=
(3)*D%X&D$&% (#,9:
!)134,)*0
8)*&$&D1
(3%9: C"%#
()2\&"1%0 (,"&6%*
!
Q
cE.5#+./&1% b< 81%+.16 c#$6F
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
7/34
!#4%/6*O !#F$ 8=/%%$6
!#F$ "=/%%$6* e15*$.U/56$* +=/+ /.$$7#a$F 5: /"&U$ *:*+$7*
Q% / "1793+$. *:*+$7>
+=$*$ "/% 5$ 15*$.U$F&7$> 91B$.> Q! $U$%+*>R@ ./F#/&1%> "=/./"+$.#*&"/"13*&" *9$"+./6 *#4%/+3.$/%F 71.$
JKLMO @/.S !+1$f%4$.g*A?D 4.139 #* F1#%4 "3f%4$F4$ 93%"+3/+$F =/.FB/.$7/4%$&" '$6F *#F$ "=/%%$6/%/6:*#* [!8E]
W./9= 0.17 hC3%FJKLNiH W$%$.#" &7#%4 *#F$
"=/%%$6 /a/"S /4/#%*+ @@D *:*+$7 +1 #%0$.#%01.7/&1% /513+ +=$ 9.#U#6$4$F /FF.$** *9/"$
6/:13+
!17$ #%%1U/&U$ /a/"S*O F/+/ *+.3"+3.$* [JKKj
&7#%4 /a/"S* /4/#%*+ F/+/5/*$*]> 9.1+1"16* /%F
3%F$.6:#%4 /641.#+=7* [JKKj k1! /a/"S* /4/#%*+5/6/%"#%4 /641.#+=7*> @@D ["/"=$] /%F 71.$
j
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
8/34
!#F$ 8=/%%$6* /* 81%*#6#$%+ RU#F$%"$
W$%$./6#X$O D*$ *#F$ "=/%%$6 $U#F$%"$ +1 .$/*1% /513+*:*+$7P*35,*:*+$7 [#%+$.%/6 *+/+$*]
l=$B$66g* Y81%*#6#$%"$ 10 b%F3"&1%m 81%"$9+ 10 /44.$4/+$ $U#F$%"$
81%U$.4$%"$ 10 *$U$./6> #F$/66: #%F$9$%F$%+ =:91+=$*$* *$.U$* +1*+.$%4+=$% "1%"63*#1%
k3$*&1%O l=/+ *#F$ "=/%%$6* /.$ /U/#6/56$> $/*: +1 /""$**>/%/6:X$> $T9.$**#U$> +:9$ bPbb $..1. $+"
d
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
9/34
?=.$$ k3$*&1%* 1% !#4%/6*
l/%+ /"&1%/56$ =/%F6#%4 10 =#4=$. F#7$%*#1%/6*#4%/6 F:%/7#"* /* +=$: 1""3. #% 6#U$ "1793+$.*:*+$7* /* *#F$ "=/%%$6* E"&1%/56$ #* +1 5$ 3%F$.*+11F /* 3*$036 #% 9./"&"$
C#4=$. F#7$%*#1%/6 .$0$.* +1 *#T 1. 71.$ F/+/F#7$%*#1%*
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
10/34
!#4%/6 2$9.$*$%+/&1%O o#*3/6*
LK
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
11/34
!#4%/6 2$9.$*$%+/&1%O o#*3/6* ; 71.$
c3%F/7$%+/6 "14%#&U$ 6#7#+* 01. U#*3/6* U$.: =/.F +1 1U$."17$ 01.
=#4= F#7$%*#1%/6 .$9.$*$%+/&1% !$$ !+/.6#4=+ 9.1p$"+> Ab RFB/.F ?3`$ 511S *$.#$*>
@/.+: Y E996#$F !$"3.#+: o#*3/6#X/&1%m> -/6$: Yo#*3/6 E%/6:&"*m
2#"= 4/73+ 10 10 =37/% *$%*$* .$7/#% %$46$"+$F
E3./6 [=$/.#%4]> =/9&" [+13"=]> U$*&536/. [5/6/%"$ /%F
/""$6$./&1%]> S#%$*+=$&"> +=$.71"$9&1% [+$79$./+3.$]> $+" LL
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
12/34
@/T#7/6 b%01.7/&1%,5/*$FA1%9/./7$+.#" RT961./&1%[@bAR] *+/&*&"*
! W$%$./6O ()26"*%1 >$0%
*)&D% ,G )11,9$)-,&14%6>%%& 2)$*1 ,G .)*$)4#%1[6#%$/.> $T91%$%&/6>9$.#1F#"> %1%,03%"&1%*]
!
Rq3#+/56$O E**#4%* *#7#6/.*"1.$* +1 $q3/66: %1#*:.$6/&1%*=#9* 10 F#r$.$%++:9$* h2$*=$0JKLL*39i
!#4%/6
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
13/34
!#4%/6
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
14/34
!#4%/6 -.$U$%&1%O !#F$ 8=/%%$6 Z$/S*
N,11$4#% 6, 9,&6*,# *)6% 4"6 &,6 %#$@$&)6% 1$0% 93)&&%#1
2$"$%+6:> W16FB/**$. [@b?P?$"=%#1%] /%F 21+=5637 1r$.
/ 9./"&"/6 B/: 01.B/.F
2$*#*&%4 6$/S/4$ /+ !"#$%& ()" /%F 1r$.* 9.14.$**
+1B/.F**+,)-./(+& +* /-0+)/(1 /22,+/13"#+=/+4$%$./+$ Y6$/S/4$,.$*#6#$%"$m 9.14./7* 01. / B#F$ ./%4$ 10*#F$ "=/%%$6 /a/"S*
-.1U$F +=/+ 01. /%: "1793+/&1%/66: 3%513%F$F E15*$.U#%4 +=$ .$*36+* 10 "1793+/&1%/66: 3%513%F$F
6$/S/4$ 03%"&1%*> B#66 6$/.% %1 71.$ 0.17 #+* 15*$.U/&1%*+=/% #+ "136F 4#U$% 56/"S51T /""$** 1%6: +1 +=$ #%93+,13+93+5$=/U#1. 10 -
2$*36+ #* -&1+&!$(+&/./%F F1$* %1+ .$6: 1% /%: *$"3.$=/.FB/.$ "1791%$%+*
LM
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
15/34
8:5$. @#**#1% -6/%%#%4
8:5$.,19$./&1%* =/U$ 91+$%&/6 +1 5$ 71.$9#%91#%+$F +=/% S#%$&" "13%+$.9/.+
@#%#7#X$ "166/+$./6 F/7/4$ 5: t".#*9g +/.4$+$F
19$./&1%*
C1B$U$.> 3%6#S$ S#%$&" 96/%%#%4 ["$%+3.#$* 10 B$66,
3%F$.*+11F %/+3./6 6/B*]> 9=4%*]2#)&&$&D #)9:1
G,"&0)-,&)# 9,*2"1 ,G 2*%0$9-.% #)>1
45/0-,/. 6/7# *+,8+*8$& 9$,0-/. :"/.$0; 1. +=.$/F 9.$,$79&1% [F$9$%F#%4 1% Q!]
hE6#*+/.=JKLMi @1F$.% 19$./&%4 *:*+$7* [Q!]
/%F 7#".1/."=#+$"+3.$* [@E] eF:%/7#" "1796$T 0$$F5/"S *:*+$7+=/+ +.#$* +1 "1%&%313*6: 7#%#7#X$8-b [":"6$* 9$. #%*+.3"&1%]
@$71.: 6/+$%": #* 51a6$%$"S>=$%"$ 7$71.: =#$./."=#$* 0.17 %*+1 *
Z+ )&0 OA 9,&-&","1#= 1,#.% )-@%]12)9% ,2-@$+35' C,25 !"79G/
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
17/34
@/T#7/6 b%01.7/&1%,5/*$FA1%9/./7$+.#" RT961./&1% [@bAR]*+/&*&"*
b%+3#&1%O [+$@2#%S )11%6 _1$D&)#1a )*%
*%`%96%0 $& 9,&.%^c9,&9).%2)*)4,#)]6=2% 9"*.%1 $& -@%
bF$%&0: *#4%/6* +=/+ /.$ 6$** 9$.#1F#"
[61B$. @E!]> 6$** 6#%$/. [@b8,.sJ]>53+ *&66 / 03%"&1% [=#4=$. @Ro]
4&+0 / 3"/,0="/0> &+0 / #3++(&% #0/,>=-0 #(.. / *-&1(+& N,
B/:> %,B/: +$*&%4
Ld
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
19/34
E**$+,?/.4$+ @/+"=#%4
!/: /**$+ +$*+$F 1%"1%'43./&1% E /%F #+ =/* Ld"/+$41.#$* [$H4H 6/%43/4$> Q!P9/+"=> *$.U#"$ .3%%#%4>B1.S61/F> $+"] G F1X$% 10U/63$*
C1B *#7#6/. #* +=$ 3%S%1B%"1%'43./&1% ) +1 Ev
k3$*&1% 10 0$16)&9%
R/*: $%134= 01. ./&1 F/+/ [6#S$w$6U#%]> 73"= =/.F$. 01."/+$41.#"/6 F/+/ [6#S$ Q! +:9$]
?/56$ *=1B* LM "/+$41.#"/6
F#*+/%"$ [*#7#6/.#+:] 7$/*3.$*
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
20/34
8/*$ *+3F:O 2Q-$
2Q-$O %$/. .$+
KTdKKK y H?EwRAO 3%"1%F#&1%/6 5./%"=
-@8 #%+$..39+* /`$. "$.+/#% %375$. 10 7#*9.$F#"&1%* [APJ e d]
D91% #%+$..39+> =/%F6$. "=$"S* @!2 Z/*+ )./%"= 2$"1.F#%4 [Z)2] B=$+=$. +/.4$+* 10
+=$ 9.$U#13*6: $T$"3+$F #%*+.3"&1%* /.$ 9.$"$F$F 5: /% #%*+.3"&1% b0 %1+ ,z 6#S$6: 2Q- ["=/#%] #%F3"$F
JK
!+/.+$F +$66#%4 ?./U#*
W11F*9$$F /+ 2R81%
JKLN /513+ +=#* /%F
/`$. 6$** +=/% d*$"1%F* =$ $T"6/#7*
/%F b q31+$O ?+.;
1+7@ A3/0B# / CDEF
=,$..$/&0 $!"/ +&1"
;+- -&!",#0/&! $0@ "
W./9= 0.17 WH l#"=$.*S#> !:*8/% JKLN
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
21/34
!344$*&1%* 01. 2Q-$
W$%$./6#X$ 2Q-PKTdddn #%*#4=+ O!#F$ "=/%%$6 t*9$"+./6 *#4%/+3.$g01. U/.#$+: 10 #%+$.$*&%4 /a/"S*
VQ-> tB$#.F 7/"=#%$g,#%F3"$.*>=/.FB/.$,5/*$F /a/"S*> }
EFF#&1%/6 Q!P@E U$%+*
l1.S96/% [=#4=,6$U$6]O
bF$%&0: *#4%/6* 10 #%+$.$*+
!"19$ B#+= @bAR h2$*=$0JKLLi
!#4%/6 9$.#1F#"#+: /%/6:*#*
!:*+$7 bF$%&'"/&1% +116*
!"#$%&'"/66: U/6#F $T9$.#7$%+*$+39
D*$ 9.1"$F3.$* h@1%+JKLJi JL
-@8 7$/*3.$7$%+* 1U$. &7$ 01. 9.14./7*#% !-R8 5$%"=7/.S *3#+$HW./9= 0.17
h
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
22/34
8/*$ *+3F:O )1B*9B% !+3F: 10 %1%,"/"=$/5#6#+:> ?Z) ^3*=#%4[JuKKT *61BF1B% /"=#$U$F]
_n [] Z/?$T 9/4$* /+ !:!"/% JKLN c3%F/7$%+/6 /996#$F *$"3.#+: 9/9$.> U#+/6 01.
*/0$. "1%"3..$%+ 9.14./77#%4 hV8JKLN/i
2$'%$7$%+*O c6#9 #%+$.U/6 F$9$%F$%"$ 1% U/63$[5#%/.:> /.#+=7$&"] +:9$*> 614#*&" !,"3.U$
F#*"3**#1% hV8JKLN5i JJ
W./9=* 0.17 hV!JKLN/i
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
23/34
workload(i.e. program)
PMC
!344$*&1%* 01. )1"=*9B%
JN
G/,(/. H/;"#
)+!". +*:IJ 2/%$&%
="3/K$+,
LMNNOP
?=$1.:O b%U$*&4/+$ 736&,"1.$ "1%+.16
*:*+$7* [*:*+$7 *"=$F36$.> -/4#%4]
/%F t5.#%4 13+g /**379&1%*
MQ 3$%3 ."K".
1+)2-0/(+&
./&%-/%"
2/R", )$&"!
*,+) #"K"&
%"&",/.
/22.$1/(+&
/,"/# L%,""&
E=.-" ,/,"P
SI#/&QTTNU
-./"&"/6O c#%F 61B 6$U$6 /**$756:
9/a$.% +./%*6/&1% /%F #%U$*&4/+$
*3*"$9&5#6#+: +1 F1356$ 0$+"= /%F
.$*36&%4 tF#*+1.&1%*gP $..1.
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
24/34
R9#6143$O @$+=1F* t)63$9.#%+g
!#4%/6 !$6$"&1% 81%*+.3"+ 71F$6 10 *:*+$7
bF$%&0: *#F$ "=/%%$6 15*$.U/56$*[Q!P@E $U$%+* ; 1+=$.*]
!"19$ !8Q g* @bAR 9.19$.&$*
D*$ @b8P@bAR *+/&*&"* h2$*=$0JKLLi
!#4%/6 2$9.$*$%+/&1% ; E%/6:*#* Q"+/U$ [0.$$ 53+ %1+ 91B$.036 $%134=]> @E?ZE) [5$*+ "=1#"$]
)1T961+*> -.15/5#6#+: -61+*
?11651T$*O !+/&*&"*> !:*+$7 bF$%&'"/&1%
@/"=#%$ Z$/.%#%4
b%+$.%/6#X$ h
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
25/34
-.1,?#9 @Z
Ju
w%1B B=/+ 0$/+3.$* :13. 0/U13.#+$ @Z /641 *$6$"+*/%F B$#4=*
@/%: 56#%F *91+* 91**#56$
!+3F:
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
26/34
83..$%+P39"17#%4 2 ; < +19#"*
EFF$F +1 +=$ +/6S #* / *=1.+ l- B#+= /
*$6$"&1% 10 2 ; < #**3$*
81%"3..$%": Ea/"S*
81791*#&1%/6 !$"3.#+:
!:*+$7#" 81793+$. !$"3.#+:
E66 +=$*$ #% 7: =3756$ 19#%#1% 5$%$'+ 0.17
!8E
J_
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
27/34
81%"3..$%": Ea/"S*
RU$% +=134= B$ #%".$/*#%46: .$6: 1% "1%"3..$%+ $T$"3&1%> *3"=9.14./7* /.$ 73"= 71.$ F#"36+ +1 B.#+$> +$*+> F$534H
-1+$%&/6 01. *$.#13* 1+&1-,,"&1; ",,+,# #% 7/%: B#F$*9.$/F"1%"3..$%+ 9.14./7*> $%/56#%4 0$/*#56$ 1+&1-,,"&1; /R/1V#
@/%: t*$q3$%&/6g F$0$%*$ +$"=%#q3$* > #0 3%/B/.$ 10 "1%"3..$%+
9.14./77#%4> /.$ #%$r$"&U$ 8/.$036 *+3F: 10 )1B*9B% /%F 2Q-$ B#66 :#$6F #%*#4=+*
Jj
Findings Implications
A majority (24 out of 46) of the concurrency attacks corrupt
pointer data.
Existing memory safety tools, once made aware of concur-
rency, may be able to prevent concurrency attacks that cor-
rupt pointer data.
9 concurrency attacks directly corrupt scalar data, such as
user identifiers, without compromising memory safety.
Few existing defenses handle attacks that directly corrupt
scalar data.
Many existing defenses become unsafe in the face of concur-
rency errors
These defenses must consider concurrent execution.
The exploitability of a concurrency error highly depends on
the duration of its vulnerable window (i.e., the timing win-
dow within which the concurrency error may occur).
New defense techniques may reduce the exploitability of
concurrency errors by reducing the duration of the vulner-
able window.
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
28/34
81791*#&1%/6 !$"3.#+:
Jd
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
29/34
!:*+$7#" 81793+$. !$"3.#+:
@1&U/&1%O c6/*= 8./*= [@/:JKLK] y *$$ 7: bRRR !- /.&"6$
E3+17/+$F 56/"S,51T /641.#+=7#"+./F#%4O V1=%*1% [JKLN] Y2#*$ 10+=$ @/"=#%$*m
9=$%17$%1614#"/6 t*#4%/+3.$*g 10#%+$./"&%4 /3+1%1713* "1793+$./4$%+* #% .$/6,B1.6F F:%/7#"[+./F#%4] *:*+$7
A##]@)93$&% -@% *%D$@%93)*)96%*$nuK7* 01. *9#S$*
ADD*%D)6% 4%3).$,* ,G 1$@2#%)D%&61 $1 "&2*%0$96)4#% $&2*$&9$2#%e %1 3*$036 *$"3.#+:43/./%+$$* /%$%+ F:%/7#"*
91**#56$ JnCc? A/%$T JKLK
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
30/34
!:*+$7#" 81793+$. !$"3.#+: bb
E44.$4/+$ 5$=/U#1. 10 *#796$ /4$%+* #*
3%9.$F#"+/56$ %1 3*$036 *$"3.#+: 43/./%+$$*
/%$%+ F:%/7#"* 91**#56$ hV1=LNi h)#6LMi
E%/6:*#* 10 [*#F$ "=/%%$6] $U$%+ *#4%/+3.$* #%
9=/*$ *9/"$ F$*#4% 10 "#."3#+ 5.$/S$.*>
4./"$036 F$4./F/&1%> .$"&'$.*
2$6$U/%"$ +1 !#%4/91.$ t!7/.+ 8#&$*g [*$$
411FP5/F $T/796$ !1%4F1> -1.+6/%F]
NK
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
31/34
?=/%S :13
C1B !"#$%&*+* 2$6/T
b%0./.$F *9$"+.1*"19: 1% /
U$T#%4 9.156$7 10 13. &7$*O
?.36: "179/.#%4 /996$* /%F1./%4$*
NL
E *9$"+.14./9=#" /%/6:*#* 10 4.13%F>
F$*#""/+$F */796$* 10 / W./%%: !7#+=
/996$ /%F / !3%S#*+ %/U$6 1./%4$H -#"+3.$
0.17 h!/%nui
Y3)&: =," G,* =,"* -@% /%F
+=$ "1%*#F$./&1% 10 #F$/*H
b /99.$"#/+$ 5$#%4 /+ !:!"/%/%F +1 '%/66: U#*#+ !#%4/91.$
"
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
32/34
2$0$.$%"$* bhE*/%JKKni wH E*/%1U#" $+ /6 YE U#$B 10 +=$ 9/./66$6 "1793&%4 6/%F*"/9$m> WIWJuJOLK> Q"+JKKn> 99H u_,_j =a9OPPF6H/"7H1.4P"#+/&1%H"07v#FeLu_Jj_MHLu_JjdN
h)1.#/=JKKdi !H )1.#/= $+ /6> Y!#7#6/.#+: @$/*3.$* 01. 8/+$41.#"/6 XYIJ ,"!>NKOJ> JKKd =a9OPPBBB,3*$.*H"*H37%H$F3Px*51.#/=P- C1B +1 81793+$ #% +=$ -.$*$%"$ 10Z$/S/4$> Z[WX> Q"+H JKLJ> 99HNL,MK
=a9OPP$"""H=9#,B$5HF$P.$91.+PJKLJPKLKPF1B%61/FP
hC3%FJKLNi 2HC3%F $+ /6> Y-./"&"/6 ?#7#%4 !#F$ 8=/%%$6 Ea/"S* E4/#%*+ w$.%$6 !9/"$E!Z2m Y\\\ X E G> JKLN > 99H LnL,JKu=a9OPPBBBH#$$$,*$"3.#+:H1.4P?8P!-JKLNP9/9$.*PMnjj/LnLH9F0
h~/%4JKLJi VH ~/%4 $+ /6> Y81%"3..$%": /a/"S*m> ]X\5Y^?+0G/,> JKLJ=a9*OPPBBBH3*$%#TH1.4P*:*+$7P'6$*P"1%0$.$%"$P=1+9/.LJP=1+9/.LJ,'%/6MMH9F0
hV8JKLN/i @H V3."X:S ;WH 816FB#%F> YbF$%&0:#%4 /%F RT961#&%4 l#%F1B* w$.%$6 2/"$81%F#&1%* U#/ @$71.: E""$** -/a$.%*m> X;X1/&> E9.#6 JKLN
=a9OPPpKK.3HU$T#66#37H1.4Pv9eL_nu NJ
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
33/34
2$0$.$%"$* bbh 99H jd,dj =a9*OPP+H"1PA*E%2D.-+q
h 99H uun,ujK =a9OPPBBBH"*H"16375#/H$F3PxpFFP9/9$.*P#*"/LNI7/6B/.$H9F
h@1%+JKLJi l#6$: -.$**> JKLJ> "=H L=a9OPP=#4=$.$F5"*HB#6$:H"17P6$4/":P"166$4$P71%+417$.:PLLLdLM_nJLP*399I7/+$.#/6P"=KLHF1
[email protected]=JKLJi wH @3.9=:> @/"=#%$ Z$/.%#%4> @b?> JKLJ =a9OPPBBBH"*H35"H"/Px73.9=:SP@Z511S
h2$*=$0JKLLi E9.#6 JKLN
=a9OPPBBBH*:*"/%H1.4P#%F$TH9=9PF1B%61/FP4$+PN"_dnL0J$nK$__L$/JNJJM"Fd0MLnJ_JP!:!"/%JKLNI
-
7/21/2019 Scientific Best Practices Cybersecurity R & D WP
34/34
2$0$.$%"$* bbbhV8JKLN5i @H V3."X:S /%F WH 816FB#%F> Yw$.%$6 F1356$,0$+"= ./"$ "1%F#&1% $T961#+/&1% 1%Td_ y 03.+=$. +=134=+*m> =.+%> V3%$ JKLN> =a9OPPpKK.3HU$T#66#37H1.4Pv9eLddK
h!%:F$.JKKdi ZH !%:F$.> Y?=$ B=16$ 51T 10 +116*O l#66#/7 l=$B$66 /%F +=$ 614#" 10 #%F3"&1%m>?/&!=++V +* 03" ?$#0+,; +* 6+%$1 LH,$(#3 6+%$1 $& 03" 5$&"0""&03 W"&0-,;P> RFH O o16M> JKKd> 99HL_NyJJd
hZ#9*1%JKKni @H !"=7#F+ /%F CH Z#9*1% JKKn> 99H dL y du
=a9OPP""*6H7/$H"1.%$66H$F3P*#+$*PF$0/36+P'6$*P!"#$%"$KnI!"=7#F+H9F0
hW/X#*JKLKi -H W/X#* $+ /6H> Yo#$B91#%+*O E C#4=,-$.01.7/%"$ C#4=,