cyber security essentials dr. bhavani thuraisingham the university of texas at dallas introduction...
TRANSCRIPT
Cyber Security Essentials
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
May 29, 2015
Text Book
CISSP All-in-One Exam Guide, Sixth Edition Author: Shon Harris Publisher: McGraw-Hill Osborne Media; 6th edition Language: English
Course Rules
Unless special permission is obtained from the instructor, each student will work individually.
Copying material from other sources will not be permitted unless the source is properly referenced.
Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department
No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures.
Course Attendance is Mandatory unless prior permission is obtained
Course Plan
Exam #1: 20 points – July 10 Exam #2: 20 points - August 7?? Two term papers 10 points each: Total 20 points
- June 26, July 24 Programming project : 20 points
- July 31 Two Assignments: 10 points each: Total: 20 points
- June 19, July 17
Assignment #1
Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Assignment #2
Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General)
Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be:
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Papers
Write two papers on any topic discussed in class (that is, any of the 10 CISSP modules)
Sample format - 1
Abstract Introduction Survey topics – e..g, access control models Analysis (compare the models) Future Directions References
Sample format - 2
Abstract Introduction Literature survey and what are the limitations Your own approach and why it is better Future Directions References
Project
Software Design document
- Project description
- Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Sample projects
Risk analysis tool Query modification for XACML Data mining tool for malware Trust management system - - - -
Paper: Original – you can use material from sources, reword (redraw) and give reference
Abstract Introduction Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey Conclusions References
- ([1]. [2], - - -[THUR99].
- Embed the reference also within the text.
- E.g., Tim Berners Lee has defined the semantic web to be -- -- [2].
Contact
For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:
- http://www.utdallas.edu/~bxt043000/
Index to Lectures for Exam #2Lecture #3: Data Mining for Malware Detection
Lecture #7: Digital Forensics
Lecture #8: Privacy
Lecture #11: Access Control in Data Management Systems
Lecture #13: Secure Data Architectures
Lecture #20: Introduction to SOA, Secure SOA, Secure Cloud
Lecture #21: Secure Cloud Computing (some duplication with Lecture #20)
Lecture #22: Comprehensive Overview of Cloud Computing
Lecture #23: Secure Publication of XML Documents in the Cloud
Lecture #24: Cloud-based Assured Information Sharing
Lecture #25: Secure Social Media
Also read the paper Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS Cloud Security Workshop 2011
Papers to Read for Exam #2
Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS Cloud Security Workshop 2011
Access Control in Data Management Systems (Lecture #11)
- Suggested Papers
- RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
- UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages
- DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)
Privacy (Lecture #8)
- Suggested papers
- Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450
Papers to Read for Exam #2
Data Mining for Malware Detection (Lecture #3)
- Suggested Papers
- Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448
Secure Third Part Publication of XML Data in the Cloud (Lecture #23)
- Suggested Papers
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections, proofs not needed for exam)
Cloud-basd Assured Information Sharing (Lecture #24)
- Suggested Papers
- Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: A cloud-based RDF policy engine for assured information sharing. SACMAT 2012: 113-116
Papers to Read for Exam #2
Secure Social Media (Lecture #25)
- Suggested Papers
- Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani
M. Thuraisingham: A semantic web based framework for social network access
control. SACMAT 2009: 177-186
- Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, Bhavani M.
Thuraisingham: Inferring private information using social network data. WWW 2009
: 1145-1146
Papers to Read for Presentations: CODASPY 2011Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity clone attacks on online social networks. 27-38 (Sachin)
Philip W. L. Fong: Relationship-based access control: protection model and policy language. 191-202
Mohammad Jafari, Philip W. L. Fong, Reihaneh Safavi-Naini, Ken Barker, Nicholas Paul Sheppard: Towards defining semantic foundations for purpose-based privacy policies. 213-224 (Jane)
Igor Bilogrevic, Murtuza Jadliwala, Jean-Pierre Hubaux, Imad Aad, Valtteri Niemi: Privacy-preserving activity scheduling on mobile devices. 261-272
Barbara Carminati, Elena Ferrari, Sandro Morasca, Davide Taibi: A probability-based approach to modeling the risk of unauthorized propagation of information in on-line social networks. 51-62 (Chitra)
Papers to Read for Presentations: CODASPY 2012
Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online: on user privacy in social networks. 37-48 (Jason)
Suhendry Effendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in social networks. 61-70 (Kruthika)
Ninghui Li, Haining Chen, Elisa Bertino: On practical specification and enforcement of obligations. 71-82 (Ankita)
Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, Alessandra Russo: Risk-based security decisions under uncertainty. 157-168 (Navya)
Musheer Ahmed, Mustaque Ahamad: Protecting health information on mobile devices. 229-240 (Ajay)
Papers to Read for Presentations: CODASPY 2013
Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users. 221-232 (Akshay)
Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino: FENCE: continuous access control enforcement in dynamic data stream environments. 243-254
Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud. 341-352 (Ashwin)
Majid Arianezhad, L. Jean Camp, Timothy Kelley, Douglas Stebila: Comparative eye tracking of experts and novices in web single sign-on. 105-116
Papers to Read for Presentations: CODASPY 2014
William C. Garrison III, Yechen Qiao, Adam J. Lee: On the suitability of dissemination-centric access control systems for group-centric sharing. 1-12 (Pratyusha)
Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in federated social computing systems. 75-86 (Aishwarya)
Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party android phones. 175-186
Tien Tuan Anh Dinh, Anwitaman Datta: Streamforce: outsourcing access control enforcement for stream data to the clouds. 13-24 (Arpita)
Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack against encrypted range queries on outsourced databases. 235-246
Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2011
All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono (Kirupa)
Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications Andrew Brown and Jeff Chase (Rohit)
Detecting Fraudulent Use of Cloud Resources Joseph Idziorek, Mark Tannian and Doug Jacobson
Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2012
Fast Dynamic Extracted Honeypots in Cloud Computing Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Anirudh)
Unity: Secure and Durable Personal Cloud Storage Beom Heyn Kim, Wei Huang, David Lie
Exploiting Split Browsers for Efficiently Protecting User Data Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos Keromytis (Rahul)
CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud Ioannis Papagiannis, Peter Pietzuch
Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2013
Structural Cloud Audits that Protect Private InformationHongda Xiao; Bryan Ford; Joan Feigenbaum
Cloudoscopy: Services Discovery and Topology MappingAmir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Ahmed)
Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud ArchivesChris Kanich; Peter Snyder (Greeshma)
Supporting Complex Queries and Access Policies for Multi-user Encrypted DatabasesMuhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo
Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2014
CloudSafetyNet: Detecting Data Leakage between Cloud TenantsChristian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian Shand; Ruediger Kapitza; Peter Pietzuch (Sowmaya)
Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage, Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti
A Framework for Outsourcing of Secure ComputationJesper Buus Nielsen; Claudio Orlandi (Ajay)
Guardians of the Clouds: When Identity Providers Fail Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk (Viswesh)
Your Software at my Service Vladislav Mladenov, Christian Mainka; Florian Feldmann; Julian Krautwald; Joerg Schwenk