Lecture30 - The University of Texas at Dallas
Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Dependable Data Management
October 2014
Outline of the Unit
Secure Dependable Data Management
Secure Real-time Data Management
Secure Sensor Information Management
Reference
- Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure
TMO Scheme. ISORC 2006: 133-140
- Jungin Kim, Bhavani M. Thuraisingham: Design of Secure
CAMIN Application System Based on Dependable and Secure
TMO and RT-UCON. ISORC 2007: 146-155
- Vana Kalogeraki, Dimitrios Gunopulos, Ravi S. Sandhu, Bhavani
M. Thuraisingham: QoS Aware Dependable Distributed Stream
Processing. ISORC 2008: 69-75
Secure Dependable Information Management: What is it?
Features of Secure Dependable Information Management
- Secure information management
- Fault tolerant information management
- High integrity and high assurance computing
- Real-time computing
- Trust management
- Data quality
- Data provenance
Secure Dependable Information Management: Integration
Integration of the different features
- Quality of Service
- Need end-to-end dependability?
- Dependable OS, dependable data management, dependable middleware, dependable networks
Secure Dependable Information Management: Integration
[Diagram: a layered architecture in which each layer (Applications, Information Manager, Data Manager, Middleware / Object Request Broker, Operating System, Communication Subsystem) is a dependable component paired with its own Inference Controller.]
Secure Dependable Information Management: Conflict Resolution
Conflicts between different features
- Security, integrity, fault tolerance, real-time processing
- E.g., a process may miss real-time deadlines when access control checks are made
- Trade-offs between real-time processing and security
What are the problems?
Access control checks vs real-time constraints
- Covert channels (Secret process could be a high priority
process and an Unclassified process could be a low
priority process)
- Time critical process could be malicious
Need flexible policies
- Real-time processing may be critical during a mission, while security may be critical during non-operational times
Secure Dependable Information Management
Example: Next Generation AWACS
[Diagram: Next Generation AWACS architecture. Inputs from Navigation, Data Links and Sensors feed Sensor Detections and Multi-Sensor Tracks; application components (MSI App, Data Mgmt., Data Xchg., Future Apps) sit on Infrastructure Services over a Real-time Operating System and Hardware; outputs go to the Display Processor and Refresh Channels driving 14 Consoles. Technology provided by the Data Analysis Programming Group (DAPG) project.]
- Security being considered after the system has been designed and prototypes implemented
- Challenge: integrating real-time processing, security and fault tolerance
Secure Dependable Information Management: Integration
[Diagram: sensor data flows into a Sensor Data Manager Object, which is surrounded by a Security Sensor Service Object, a Fault Tolerance Sensor Service Object, a Real-time Sensor Service Object, a Quality of Service Sensor Object and an Application Sensor Object; all of them communicate over an Object Request Broker / Infrastructure layer and a Communication Subsystem.]
Secure Dependable Information Management: Directions for Research
Challenge: How does a system ensure integrity, security and fault tolerant processing, and still meet timing constraints?
- Develop flexible security policies; when is it more important to ensure real-time processing, and when to ensure security?
- Security models and architectures for the policies; examine real-time algorithms, e.g., query and transaction processing
- Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware?
Data may be emanating from sensors and other devices at multiple
locations
- Data may pertain to individuals (e.g. video information, images,
surveillance information, etc.)
- Data may be mined to extract useful information
- Privacy Preserving Surveillance
Real-time Information Management
Real-time Operating Systems
- E.g., Lynx OS
Real-time Data Management
- Transactions must meet timing constraints
- E.g., RT-Zip (product developed in the early 1990s)
Real-time Middleware
- E.g., RT-ORB (www.omg.org)
Real-time networks
- Real-time message passing
Need end-to-end real-time processing capability
Real-time Data Management
[Diagram: Dependable Sensor Data Manager = Real-time + Security + Fault Tolerant Data Manager. An Update Processor processes input data, carries out actions, stores some data in stable storage and throws away transient data. A Query Processor processes continuous real-time queries and gives responses periodically. Both exchange data with Stable Dependable Sensor Data Storage; transient data is discarded.]
Real-time Data Management: Data Model
Data models such as relational and object models have time parameters
Data has a timestamp recording when it was last updated
Data must be kept current and updated to meet timing constraints
- E.g., data cannot be more than 1 day old
Data processing algorithms (e.g., methods in an object model) must meet timing constraints
- E.g., queries and transactions have to complete within a certain time
Real-time Data Management: Query
Queries have to meet timing constraints
Certain queries may be more important than others
- E.g., queries with short timing constraints
Queries are processed in such a way that as many queries as possible meet their deadlines
What happens if the deadlines are not met?
Real-time Data Management: Transactions
Transactions have to meet timing constraints
Transactions are assigned priorities depending on their deadlines
- Those with shorter deadlines may be given higher priorities
Transactions with higher priorities are given resources such as locks
If transaction T1 has priority 8 and transaction T2 has priority 5, and both are competing for a lock at the same time, T1 is given the lock
If T1 is waiting for a lock that T2 holds, should T2 be aborted and the lock given to T1?
Conflict between Security and Real-time Processing
Suppose transaction T1 has priority 8 and transaction T2 has priority 5
Assume that T2 is Unclassified and T1 is Secret
If T1 is waiting for a lock that T2 holds, one possibility is to abort T2 and give the lock to T1
However, T2 is Unclassified. The actions of a Secret transaction have therefore interfered with those of an Unclassified transaction – potential for covert channels
Should the system ensure that deadlines are met, or should the system ensure security?
Access control checks also take time. Therefore, in case of emergency, should these checks be ignored?
Malicious code may tamper with the real-time constraints
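The lock conflict between T1 (Secret, priority 8) and T2 (Unclassified, priority 5) from the two slides above, worked through as an added example (not from the lecture): a toy lock manager with a deadline-first policy and a security-first policy, and a check of whether T2's fate depends on the presence of the Secret transaction, which is exactly the covert channel the slide warns about.

```python
# Added illustration of the T1/T2 lock conflict; the policies, names and
# classification lattice here are constructed for the example.
LEVELS = {"Unclassified": 0, "Secret": 1}


class LockManager:
    """One exclusive lock, granted under either a deadline-first or a security-first policy."""

    def __init__(self, policy):
        assert policy in ("deadline_first", "security_first")
        self.policy = policy
        self.holder = None      # (name, priority, level) of the current lock holder
        self.aborted = []       # names of transactions aborted to free the lock

    def request(self, txn):
        """txn is (name, priority, level); returns the requester's outcome."""
        if self.holder is None:
            self.holder = txn
            return "acquired"
        holder_name, holder_prio, holder_level = self.holder
        _, prio, level = txn
        if self.policy == "security_first" and LEVELS[level] > LEVELS[holder_level]:
            # A higher-level requester must not influence a lower-level holder:
            # it waits and may miss its deadline, but causes no interference.
            return "wait"
        if prio > holder_prio:
            # Deadline-first: abort the lower-priority holder and hand over the lock.
            self.aborted.append(holder_name)
            self.holder = txn
            return "acquired_by_abort"
        return "wait"


def t2_outcome(policy, secret_txn_present):
    """What the Unclassified transaction T2 observes with and without Secret T1 active."""
    lm = LockManager(policy)
    lm.request(("T2", 5, "Unclassified"))          # T2 takes the lock first
    if secret_txn_present:
        lm.request(("T1", 8, "Secret"))             # T1 arrives with a tighter deadline
    return "aborted" if "T2" in lm.aborted else "kept_lock"


def has_covert_channel(policy):
    # If T2's outcome differs depending on whether T1 exists, T2 can learn
    # about Secret activity from its own aborts: a timing/abort channel.
    return t2_outcome(policy, True) != t2_outcome(policy, False)
```

Under the deadline-first policy T2 is aborted only when T1 is present, so the channel exists; under the security-first policy T1 waits and T2 cannot tell the difference.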
Aspects of Data Quality
Components of the aspects of data quality:
- Annotations: use annotations to specify data quality parameters; develop an algebra for data quality
- Semantic web and data quality: data quality for the layers XML, RDF, ontologies, interoperability, query/rules
- Data mining: data mining to improve data quality; need good quality data to carry out useful data mining
- Security and data quality: tradeoffs between ensuring data quality and confidentiality; quality of service management techniques
Data Provenance
Keep track of where the data has come from and who has handled the data
- Data source and how the data arrived at its current position: from A to B to C to D, etc.
Use annotations for data provenance: document the data
- Can you trust the data source?
- Has misinformation been given, and if so, at which point?
- Has data been misused?
Applications
Protecting Critical Infrastructures
- Power lines and Grids
- Telecommunications
- Food and water supplies
- Reservoirs
- Gas supplies
- National Information Infrastructures
Protecting Information for Warfighters and Missions
- Getting the right and secure information at the right time
Secure Sensor Information Management
A sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena
- May be employed in battlefields, seismic zones, pavements
Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data such as maps, images, etc. Data has to be fused and aggregated
Continuous queries are posed and responses analyzed, possibly in real time; some streams are discarded while the rest may be stored
Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation
Secure sensor data/information management has received very little attention; need a research agenda
Some Attacks on Sensors and Issues
Some attacks
- Access control violations, denial of service attacks, sensor protocol attacks, hardware attacks
Sensors are often placed in enemy territory and are prone to various types of attacks, including terrorist physical attacks
Sensors also have limited memory and resources, so attacks could cause many problems and there are few backup procedures
Wireless sensors are a special type of sensor embedded into PDAs and other devices
- Many issues and challenges are similar for sensors and wireless sensors
- Need to carry out a comparison of the security issues involved
Secure Sensor Communication
[Diagram: two sensor clusters, Cluster A: Unclassified Sensors and Cluster B: Classified Sensors. Each cluster contains sensors 1 to n feeding sensor data to its own Sensor Data Manager over a Communication Subsystem.]
Secure Sensor Data Manager: An Architecture
[Diagram: a Trusted Agent computes checksums on behalf of the Data Manager over a Multilevel Sensor Data store.]
- On input from a sensor: compute a checksum based on the stream data value and its security level; store the stream data value, the security level and the checksum
- On retrieval: recompute the checksum based on the stream data value and the security level retrieved from the stored sensor database, and compare it with the stored checksum
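The checksum scheme in the architecture above, as an added example (not code from the lecture): the trusted agent binds each stream value to its security level with a keyed checksum (HMAC-SHA256 is assumed here; the slide does not fix the function), so that a record whose level has been altered in storage fails verification on retrieval. The key, level lattice and sample readings are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed key; only the trusted agent would hold it in a real deployment (assumption).
AGENT_KEY = b"trusted-agent-key-constructed-for-demo"
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


def compute_checksum(value, level, key=AGENT_KEY):
    """Checksum over the stream value AND its security level, as the slide prescribes.
    A keyed MAC is used so that changing either field (e.g. downgrading the level)
    invalidates the tag and cannot be recomputed without the agent's key."""
    assert level in LEVELS
    msg = json.dumps({"value": value, "level": level}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def store_reading(db, sensor_id, value, level):
    """Update path: store value, security level and checksum in the multilevel store."""
    db.append({"sensor": sensor_id, "value": value, "level": level,
               "checksum": compute_checksum(value, level)})


def verify_record(rec):
    """Retrieval path: recompute from the stored value and level, compare in constant time."""
    expected = compute_checksum(rec["value"], rec["level"])
    return hmac.compare_digest(expected, rec["checksum"])


def read_at_clearance(db, clearance):
    """Return verified records dominated by the reader's clearance and the ids of tampered ones.
    Verification happens before the level check, so a downgraded label is caught
    instead of leaking the reading to a lower clearance."""
    ok, tampered = [], []
    for rec in db:
        if not verify_record(rec):
            tampered.append(rec["sensor"])
            continue
        if LEVELS[rec["level"]] <= LEVELS[clearance]:
            ok.append(rec)
    return ok, tampered


def demo():
    db = []
    store_reading(db, "s1", 21.5, "Unclassified")   # constructed readings
    store_reading(db, "s2", 400.0, "Secret")
    db[1]["level"] = "Unclassified"                  # constructed tampering: label downgrade
    ok, tampered = read_at_clearance(db, "Unclassified")
    return [r["sensor"] for r in ok], tampered
```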
Secure Sensor Data Fusion: Inference Control
[Diagram: Secure Sensor Data Manager with an Inference Controller, a Security Manager, an Update Processor and a Query Processor, exchanging data with Stable Sensor Data Storage.]
- Inference Controller: controls aggregation
- Security Manager: manages security constraints
- Update Processor: processes constraints and enters sensor data at the appropriate levels
- Query Processor: processes constraints during query operation and prevents certain information from being retrieved
Secure Sensor Information Management:
Directions for Research
Individual sensors may be compromised and attacked; need
techniques for detecting, managing and recovering from such
attacks
Aggregated sensor data may be sensitive; need secure storage sites
for aggregated data; variation of the inference and aggregation
problem?
Security has to be incorporated into sensor database management
- Policies, models, architectures, queries, etc.
Evaluate costs for incorporating security especially when the sensor
data has to be fused, aggregated and perhaps mined in real-time
Suspicious event detection and Privacy preserving surveillance