Research in the Resilient Systems and Societies Lab (RSSLab) focuses on distributed systems and computer networks, with an emphasis on making the networked systems our society relies on resilient to failures and attacks, and enabling new networked applications.
Some examples of our ongoing projects are below.
The combination of increasingly frequent and severe natural disasters due to climate change and increasingly prevalent and sophisticated cyberattacks poses a serious threat to national critical infrastructure. We are investigating compound threats to critical infrastructure systems, where damage due to a natural disaster is compounded by opportunistic cyberattacks that attempt to capitalize on that damage to further disrupt the system or delay the recovery process. The goals of this project are to develop frameworks to model the effects of these compound threats, and to design new system architectures that can better withstand this combination of natural disasters and malicious attacks.
We are especially interested in compound threats to the power grid, and are exploring techniques to build resilience in the context of the Spire Intrusion-Tolerant SCADA System for the Power Grid, which is developed by the Pitt RSSLab and the Johns Hopkins University Distributed Systems and Networks (DSN) Lab.
This project has been funded through the DoD Strategic Environmental Research and Development Program (SERDP), in the project “Severe Impact Resilience: Framework for Adaptive Compound Threats”.
Intrusion tolerance, or the ability to operate correctly even while partially compromised by an attacker, is an increasingly important concern for high-value systems. However, despite a long line of work on using Byzantine Fault Tolerant (BFT) replication to enable such high-value systems to withstand successful intrusions, such solutions are still challenging to deploy in practice and require a high level of expertise to manage.
Further complicating deployment, we have shown that tolerating sophisticated network attacks in addition to intrusions requires that system management and state be distributed across at least three distinct geographic sites (see “Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid”).
We are developing new techniques to make intrusion-tolerant systems easier to deploy by offloading part of the system management to a cloud service provider. However, this raises significant confidentiality concerns, as sharing sensitive data and/or proprietary algorithms with a cloud provider may not be an acceptable trade-off.
Our recent work, “Toward Intrusion Tolerance as a Service: Confidentiality in Partially Cloud-Based BFT Systems”, published in DSN 2021, has shown how we can make use of cloud sites to host additional system replicas without needing to expose any unencrypted state to the cloud.
We are continuing to work to develop new architectures to further simplify system management and meet the needs of a broad range of applications.
We are working to develop tools and socio-technical approaches to make environmental monitoring and collective sense-making of environmental data at the community level more accessible and sustainable.
Between July and October 2021, we completed a pilot project in the Nine Mile Run Watershed, in collaboration with Upstream Pittsburgh. Participants deployed low-cost environmental sensors at their homes and had the option to participate in a Slack-based discussion group to collectively make sense of the data.
Abhishek Viswanathan was awarded a Year of Data and Society grant, together with Amy Babay and Rosta Farzan, to engage community members in analyzing the data produced in the pilot project through a series of workshops focused on data analysis, data visualization, and data storytelling.
We are investigating techniques to support emerging internet applications with demanding combinations of performance, reliability, and/or resilience requirements. Our current work focuses on scalable support for highly interactive applications (collaborative VR, immersive multiplayer gaming, remote manipulation).
This work uses structured overlay networks that run on top of the internet to implement custom routing and transport protocols to enable new services that are not well supported on the native internet.