Language-based Security Dr. Kevin W. Hamlen - CSI
Cyber Security Research and
Education Institute (CSI)
The University of Texas at Dallas
April 1, 2013
FEARLESS engineering
4/8/2015
Our History
• NSA/DHS Center for Excellence in Cyber Security Education June 2004
• Cyber Security Research Center (CSRC) Established October 4, 2004
• NSA/DHS Center for Excellence in Cyber Security Research June 2008
• Cyber Security Research and Education Center (CySREC) Established September 2010
• Cyber Security Research and Education Institute (CSI) Established April 1, 2013
Our Faculty
Founder
• Bhavani Thuraisingham, PhD, DEng (U of Wales, U of Bristol - UK) October 2004
Core Faculty
• Alvaro Cardenas, PhD (U of MD) Spring 2013 - Control Systems Security
• Yvo Desmedt, PhD (U. Leuven-Belgium) Fall 2012 - Cryptography
• Kevin Hamlen, PhD (Cornell) Fall 2006 - Language and Software Security
• Murat Kantarcioglu, PhD (Purdue) Fall 2005 - Data Security and Privacy
• Zhiqiang Lin, PhD (Purdue) Fall 2011 - Systems Security and Forensics
• Yiorgos Makris, PhD (UC San Diego) Fall 2011 - Hardware Security
• Kamil Sarac, PhD (UC Santa Barbara) Spring 2010 - Network Security
• Latifur Khan, PhD (U of Southern CA) Spring 2005 - Data Mining for Security
Several additional faculty are affiliated with the Center from ECS, SOM, EPPS, BBS, NSM.
They bring expertise in: Risk Analysis, Economics of Security, Game Theory for Modelling
the Adversary, and Psychology of Hackers, among others.
Our Accomplishments
• NSA/DHS Center for Excellence in Education (2004) and Research (2008)
• $20m in Research Funding and $3m in Education funding
• Prestigious grants and contracts including: Multiple NSF Career, AFOSR YIP, DoD MURI
• Fellowships and Awards:
– IEEE, AAAS, IACR Fellowships; IEEE and ACM Awards
– e.g., IEEE CS Technical Achievement, IEEE SMC/Homeland Security Technical Achievement
• Numerous keynote addresses, top-tier journal and conference publications, open source tools and prototypes, patents
• Collaborative research with AFRL, Raytheon, Rockwell
• Known for Interdisciplinary Research
• PhD Student placements at IBM TJ Watson, Google Privacy, Microsoft, Amazon, Clemson U, …
Our Sponsors
Our Academic Collaborators
CSI Organization
Cyber Security Research and Education Institute (CSI)
• Executive Director: Dr. Bhavani Thuraisingham
• Chief Scientist: Dr. Yvo Desmedt
• Project Coordinator: Ms Rhonda Walls
Education Center (Dr. Kamil Sarac)
• NSF SFS Program
• DoD IASP
• NSF Secure Cloud
• TexSAW
• Cyber Security Certificate Programs
Research Centers
• Data Security/Privacy – Dr. Murat Kantarcioglu
• Active Malware Defense – Dr. Kevin Hamlen
• Security Analytics – Dr. Latifur Khan
• Secure Cloud – Dr. Bhavani Thuraisingham
• Cyber Operations – Dr. Han Kallberf
Research Labs
• Systems Security/Virtualization (Dr. Zhiqiang Lin)
• Applicable Cryptography (Dr. Yvo Desmedt)
• Hardware Security (Dr. Yiorgos Makris)
• Critical Infrastructure (Dr. Alvaro Cardenas)
• Network Security (Dr. Kamil Sarac)
Affiliated Centers and Labs
• Intl. Center for Decision and Risk Analysis (Dr. Alain Bensoussan)
• Center for Crime and Justice Studies (Dr. Robert Morris)
• Cognitive Neuro Science (Dr. Daniel Krawczyk and Dr. James Bartlett)
• Statistics (Dr. Michael Baron)
• NSF IUCRC (Dr. Farokh Bastani)
Industry Sponsors and Collaborators
• VMware, Sandia, Raytheon, Tektronix, IBM, Rockwell, Cisco, Nokia
Research Thrust - 1
• Active Malware Defense
– Sponsors: AFOSR, NSF, NASA, Sandia, ONR
– Reactively Adaptive Malware and Frankenstein
– Reverse Engineering for Malware Detection
– Android Malware Detection
– Novel Data/Stream Mining Techniques for
• Malware detection
• Insider threat analysis
• Intrusion detection
– Host Health Management
– Risk Analysis for Botnets
Research Thrust - 2
• Data Security and Privacy
– Sponsors: AFOSR, NSF, NIH, ARO
– Privacy Preserving Record Linkage and Mining
– Adversarial Data Mining
– Secure Data Provenance
– Policy and Incentive-based Assured Information
Sharing
– Security and Privacy for Social Networks
– Inference Control
– Risk-aware Data Security and Privacy
Research Thrust - 3
• Secure Cloud Computing
– Sponsors: AFOSR, VMware
– Virtual Machine Introspection and VM Space
Traveler
– Secure Virtualization
– Hybrid Cloud Security
– Secure Cloud Data Storage
– Secure Cloud Query Processing
– Cloud-based Assured Information Sharing
– Cloud-based Malware Detection
– Cloud Forensics
Research Thrust - 4
• Systems/Language/Networks/Hardware Security
– Sponsors: AFOSR, NSF, ARO, DARPA, CISCO
– Safe Re-use Oriented Reverse Engineering
– Binary Code Analysis
– In-Line Reference Monitor
– Hardware Trojan Detection
– Network Measurements
– Control Systems Security
– Cryptographic Techniques
Research Thrust - 5
• Data/Security Analytics
– Sponsors: IARPA, Raytheon, Tektronix, Nokia,
NASA, NGA, AFOSR
– Semantic Web Data Management and
Integration
– Geospatial Data Management and Integration
– Stream-based Novel Class Detection for Text
– Social Network Data Analytics
– Multimedia Data Management and Mining
Education Thrust
• Sponsors: NSF, DoD
– NSF SFS Scholarship for Service
– DoD IA Scholarship
– NSF Assured Cloud Computing
– Degrees and Certificates
– Courses Offered
• Computer/Information Security, Network Security, Data and Applications Security, Digital Forensics, Cryptography, Data Privacy, Secure Web Services, Secure Cloud Computing, Hardware Security, CISSP Modules
• Secure Social Networks, Data Mining for Security, Big Data Analytics, Critical Infrastructure Protection, Biometrics, Security Engineering
Current Proposal Efforts
• Research
– Attack attribution
– Studying hacker behavior to develop more
secure information systems
– Cyber operations
• Education
– Interdisciplinary education program between
ECS, SOM, EPPS, BBS
– IGERT (Integrative Graduate Education and Research Traineeship Program)
– Cyber security in the systems engineering
program
Intellectual Property and Technology Transfer
• Tweethood – Dr. Latifur Khan
– Patent pending technology that started with location mining on Tweets and extended to mining several demographic attributes
– Complete system built around Tweethood
– Presented to CIA and USAF, and CIA will introduce the technology to IN-Q-TEL
• VM Space Traveler – Dr. Zhiqiang Lin
– Patent pending technology on virtualization security
– VMware has expressed interest in licensing; 70K gift from VMware for further development
• SNOD – Stream-based Novel Class Detection
– Patent pending technology jointly by Dr. Latifur Khan and Dr. Jiawei Han (UIUC)
– System being developed around SNOD
– IBM has expressed interest in licensing
Our Outreach Examples
• Numerous Press Releases and TV Appearances
– e.g., When President Bush family emails were hacked, LA Times came to UTD for inputs
– Articles in Economist, New Scientist, NBC News, Boston Globe
• Resource for Major Corporations in Cyber Security
– One of 12 Cyber Security Research & Education Programs in the World interviewed by IBM T. J. Watson Center for a Best Practices Report
– Courses for AFCEA PDC and numerous AF Bases and DoD Agencies
• Significant Impact on Cyber Operations
– e.g., Articles in the Journal Forces Quarterly - Top Military Journal
• Substantial Innovations
– IP Disclosures, Patents
– Spin-off technologies (e.g., Integration and Mining Social Networks for Threat Evaluation, Analysis and Prediction)
– Other spin-offs planned (e.g., Malware detection system)
– Open source tools in Cyber Security and Data Analytics