research opportunities at the institute for cyber security
Post on 25-Jan-2015
217 Views
Preview:
DESCRIPTION
TRANSCRIPT
INSTITUTE FOR CYBER SECURITY
11
Research Opportunities at theInstitute for Cyber Security (ICS)
Ravi SandhuExecutive Director and
Endowed Professorwww.ics.utsa.edu
www.profsandhu.com
INSTITUTE FOR CYBER SECURITY
2
About ICS
2
ICS
ICS LabsWorld-class sponsored research on all aspects
of cyber security in collaboration with leading academic, industry and government partners
ICS IncubatorDevelops innovative security products and companies by
bringing in novel and commercially viable ideas and prototypes,
incubating and developing these and spinning out companies
ICS CIASConducts dark screen
exercises and training at the city and county level to
improve our nation’s capability to withstand coordinated cyber
attacks
We are a startupFounded June 2007 by multi-million start-up funding from State of Texas, conditional on recruiting Prof. Ravi Sandhu to lead ICS We are different
World-class research with commercialization
ICS Labs is off to a great start$1.7M (UTSA portion) in new funding won in 2008 in partnership withPurdue, UIUC, UMBC, UNCC, Michigan, UTD, Penn St., ASU, Georgia Tech
INSTITUTE FOR CYBER SECURITY
3
About Ravi Sandhu BTech, MTech: Electrical Engineering, IIT Bombay, IIT Delhi MS, PhD: Computer Science, Rutgers Univ., New Jersey
Assistant Prof of Computer Science, Ohio State U (6 yrs) Associate/Full Prof of Information Security, George Mason U (18 yrs) Full Prof & Endowed Chair of Cyber Security, UTSA (2007 onwards)
Founding EIC ACM TISSEC: world’s leading security journal Founder ACM CCS: world’s leading security conference Founder ACM SACMAT: another leading security conference Major author of NIST/ANSI Standard on Role-Based Access Control Creator & architect of MS and PhD programs in Cyber Security at GMU
Co-Founder & Chief Scientist, TriCipher: Silicon Valley startup
One of the world’s most cited authors in cyber security research 10,000+ Google Scholar hits, with two superhits (3200+ and 1900+
hits) 175 papers with 50+ co-authors, 14 PhD graduates
ACM Fellow, IEEE Fellow, 12 Security Technology patents Awards from ACM, IEEE, NIST, NSA
INSTITUTE FOR CYBER SECURITY The Computer Science Research Triangle
4
Theorye.g., P =? NP,
Automata
Implementatione.g., Virtualization,
Peer-to-peer
Modelse.g., 7-layer OSI nw stack,
OO Programming
A good PhD dissertation should involve all 3 elements but contributions will typically emphasize one of these
ICS Forte
INSTITUTE FOR CYBER SECURITY Cyber Security Goals
5
5
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
USAGEpurpose
USAGE
INSTITUTE FOR CYBER SECURITY
6
ICS Forte: Security Models and Analysis
ModelsRBAC: Role-Based Access Control,1992-UCON: Usage Control, 2002-PEI: Policy-Enforcement-Implementation, 2000-…
ApplicationsEnterprise securityIdentity managementInformation sharingStream-processingSocial networking…
IT TechnologiesWeb 2.0VirtualizationSoftware as a Service (SaaS)Web servicesTrusted computingSemantic web…
Attack TechnologiesBotnetsPhishingBuffer overflowCross scriptingSniffers…
INSTITUTE FOR CYBER SECURITY RBAC96 Model (1992-)
7
ROLES
USER-ROLEASSIGNMENT
PERMISSIONS-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
CONSTRAINTS
The most successful authorization model so far
INSTITUTE FOR CYBER SECURITY
8
Usage Control UCON Model (2002-)
Rights(R)
Authorizations
(A)
Subjects(S)
Objects(O)
Subject Attributes (SA) Object Attributes (OA)
Obligations(B)
Conditions(C)
UsageDecisions
before-usage ongoing-Usage after-usage
Continuity of Decisions
pre-decision ongoing-decision
pre-update ongoing-update post-update
Mutability of Attributes
• unified model integrating• authorization• obligation• conditions
• and incorporating• continuity of decisions• mutability of attributes
New kid on the blockReceiving good traction
INSTITUTE FOR CYBER SECURITY
9
PEI Models (2004-)
No competing framework so far
INSTITUTE FOR CYBER SECURITY Current Funded Projects Managing the Assured Information Sharing Life Cycle (AISL)
Sponsor: Air Force Office of Scientific Research, MURI, 2008-2013Partners: UMBC, Michigan, UIUC, Purdue, UTD 9/11 caused us to move from a "need to know" mindset to a "need to share" posture. What
does this really mean? What are the implications? How can we share safely? How do we “share but protect”?
Securing Dynamic Online Social Networks Sponsor: National Science Foundation, 2008-2012 Partners: Penn. State Univ., ASU, UNC-Charlotte Content, often including private sensitive data, is flowing into social networks at a very high
rate. How do we enable privacy and security without impacting the velocity of data transfer and
convenience?
A Framework for Combating Stealthy BotnetsSponsor: Air Force Office of Scientific Research, MURI, 2008-2013Partners: Georgia Tech. Botnets are the most dangerous, widespread and insidious attack vehicles on the Internet.
Future botnets are anticipated to use stealth techniques such as encryption and aggregation to avoid exposure, easily defeating current detection techniques. What do we do to contain this threat?
Secure Knowledge Management: Models and Mechanisms Sponsor: National Science Foundation, 2007-2009 How do we combine cryptographic techniques and access control techniques to effectively
protect information and knowledge?
10
INSTITUTE FOR CYBER SECURITY Current Un-Funded Projects
Write your own ticket
11
INSTITUTE FOR CYBER SECURITY
12
Group-Based Information Sharing
Information Sharing Metaphors:Secure virtual room in cyberspaceSubscription service
Idealized policy:Formalized using temporal logic
Pragmatic policy:Approximation to ideal, formalized using temporal logic
Detailed protocols
Working system
INSTITUTE FOR CYBER SECURITY Conclusion
The need for cyber security will only grow Unless humans suddenly transform into angels Unless cyber innovations stop delivering productivity gains
The best we can offer is to stay ahead of the attackers Attackers are often more innovative and more incented than defenders Every cyber technology innovation creates a new attack-defend cycle No final solution
UTSA has a world class research operation in cyber security Take security courses Join our team Come talk to me: drop me an email and I will make
time We have multiple openings
Come join us on Nov 18th to celebrate our Founders Day 4:00-5:30pm: Distinguished lecture by Prof. Eugene Spafford of
Purdue 5:30-7:00pm: Wine and cheese reception See www.ics.utsa.edu
13
top related