9)UTD_Data_Security_June19
Download
Report
Transcript 9)UTD_Data_Security_June19
Data and Applications
Security (DAS) Research
at UTD
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
19 June 2006
3/27/2016 09:52
1-2
Disclaimer
0 This presentation reflects our team's intentions for Data and
Application Security (DAS) research at UTD and will continue to
evolve and could change to meet conditions and uncertainties that
could be prevalent in the future.
0 It is the intent of the DAS team to make UTD a premier research
university in DAS for government and industry.
0 DAS research areas and funding projections are based on current
trends and are not intended to be the final version. Values and
numbers given are only estimates and they involve assumptions.
0 Statements made in this presentation are forward-looking
statements. Such statements are not guarantees of future
performance
3/27/2016 09:52
1-3
Outline
0 What is Data and Applications Security (DAS)?
0 How does DAS fit in within Cyber Security?
0 Strength of UTD in DAS
0 What are UTD’s major areas in DAS?
- Will elaborate on some of the areas
0 Who are our major collaborators?
0 What is our current funding?
0 What investments do we need and potential sources of support?
0 What Technical/Professional Accomplishments do we want to
achieve in the next 3-5 years?
3/27/2016 09:52
1-4
What is DAS?
Integrates Information Security and Data Management
Securing data,
information and
knowledge
Components
systems
and of
applications
Access
Control
Policies
Privacy
Trust
Discretionary and
Multilevel security
Secure relational,
distributed and OO
systems, Query,
transactions
Vulnerability
analysis:
Applications of
data mining in
Worm, Intrusion
detection
Secure warehouses,
Mining systems,
Privacy preserving
data mining
Secure digital
Libraries, sensors
Semantic webs
Secure applications:
Biometrics
Digital forensics
Electronic voting
machines
Details in Bhavani’s book #7
Database and Applications Security, Integrating Data Management and
Information Security, CRC press, 2005
3/27/2016 09:52
1-5
How does DAS fit in within Cyber Security
Cyber Security
Also called
Information
Components of
Security
Data and
Applications
Security
(DAS)
Network Security
(Securing
networks
including secure
protocols and
communications)
Secure Middleware:
Secure object
request brokers
J2EE security
Operating systems
(securing resources
such as files,
interposes
communication)
Cross cutting themes:
Security and
economics
Secure sensors
Access control
Vulnerabilities
3/27/2016 09:52
1-6
Strength of UTD in DAS
0 UTD is one of the top three leaders in DAS (others Purdue and GMU)
0 Bhavani Thuraisingham is considered a leading expert in DAS
- Early contributor; worked in the field for 21 years
- Comprehensive book in DAS
- Invited to over 30 keynote addresses over the past 12 years
- Advisor to govt sponsors while at MITRE
- Strong in related technologies including data mining,
information management and overall cyber security
0 UTD also has a strong primary and supporting team in this area
- Key players: Latifur and Murat in data mining and DAS
- Others: Kevin Hamlen, I-Ling, Prabhakaran, Kang, Weili
= Theory, Web services, Motion data, Visualization, Geospatial
3/27/2016 09:52
1-7
What are UTD’s Major Areas in DAS?
0 Assured Information Sharing (Very Strong)
0 Security for semantic web (Very Strong)
0 Secure Geospatial Information Management (Very Strong)
0 Data Mining for Cyber Security Applications (Strong - Latifur)
0 Data Mining for National Security Applications (Strong)
0 Privacy Preserving Data Mining (Strong - Murat)
0 Secure Data Grid (Strong – I-Ling)
0 Data Integrity and Provenance (Strong – Murat)
0 Secure sensor information management (Strong)
0 Foundations (Strong - Kevin)
0 Other areas: Biometrics, Dependability (Medium)
- Biometrics, - - Very strong = Pioneer, Strong = Leader, Medium = One of many
Next 3 charts will elaborate on the areas we are very strong in; Where are we?
Where do we want to go?
3/27/2016 09:52
1-8
Assured Information Sharing: Where are we?
Where do we want to go? (Bhavani, Latifur, Murat)
Data/Policy for Coalition/ Extract patterns
Where are we?
We are examining
Publish
Data/Policy
Publish
Data/Policy
Friendly partners; Semihonest partners;
Publish
Data/Policy
Component
Data/Policy for
Agency A
3 cases:
Untrustworthy partners
Component
Data/Policy for
Agency C
Techniques: data mining
Component
Data/Policy for
Agency B
and policy enforcement,
game theory, worm
detection
Where do we want to go?
Build a testbed/lab for AIS so that organizations share text, relations,
images, video, geospatial data, carry out analysis and enforce
policies for all 3 cases
3/27/2016 09:52
1-9
Secure Geospatial Data Management: Where are
we? Where do we want to go? (Latifur, Bhavani)
Where are we? Building the pieces in the blue box and developing
geospatial semantic web technologies
Data Source A
Data Source B
Data Source C
Semantic Metadata
Extraction
Decision Centric Fusion
Geospatial data
interoperability through
web services
Geospatial data mining
Geospatial semantic web
Tools for
Analysts
SECURITY/ QUALITY
Where do we want to go/
Use the testbed developed for AIS to test out algorithms
for geospatial data interoperab9lity and security
3/27/2016 09:52
1-10
Secure Semantic Web: Where are we? Where do
we want to go? (Bhavani, Latifur)
0Semantic web provides technologies for Machine Understandable Web Pages
0Where are we?: CPT Policy enforcement (Confidentiality, Privacy, Trust)
T
R
U
S
T
P
R
I
V
A
C
Y
Logic, Proof and Trust
Rules/Query
RDF, Ontologies
XML, XML Schemas
URI, UNICODE
C
O
N
F
I
D
E
N
T
I
L
A
I
T
Y
0 Where do we want to go?
- Need to develop an integrated secure semantic web / Testbed
3/27/2016 09:52
1-11
Who are our major collaborators?
Purdue
AIS
Geospatial
Semantic web
X
GMU UCD
UMBC
UGA
LSU
UTA UVA UIUC
X
X
X
X
X
X
Data mining
For cyber sec.
Data mining
X
for national sec.
Privacy
X
Provenance and
Integrity
Secure Grid
Sensor info
x
X
X
X
X
X
Other
We are also writing some papers with UCI, UCF, WVU, PSU, UNC-Charlotte
Foreign collaborators: U. of Nottingham, Kings College, UK
X
3/27/2016 09:52
1-12
Where is our funding coming from
(since October 2004; jointly with Latifur, Murat)
AFOSR
AIS
AFRL
300K
150K
Geospatial
Semantic web
Raytheon NSF Congress DTO Int./St.up
100K
90K
300K
120K
70K
Data mining
100K
For cyber sec.
50K
Data mining
60K
for national sec.
Privacy
60K
Provenance and
Integrity
Secure Grid
Sensor info
Other
120K
40K
20K
500K
200K
20K
30K
Black: Current External, Red: Verbal confirmation with sponsor,
Purple: Hoping to get funding 2006; Green: Cost share, Internal, Startup (Bhavani only)
Some funding of others (e.g., Murat’s startup) are not included
3/27/2016 09:52
1-13
What investments do we need and potential
sources of support?
AIS
Geospatial
Semantic web
Total Infrastructure NSF MURI
$500K
$1m
$4m
$3m
$1m
$500K
Other sources
$500K
UTD
$2 m
$1m
$500K
$1.5m
$350K
$350K
$500K
Data mining
For cyber sec.
Data mining
for national sec.
Privacy
$700K
$700K
$500K
$350K
TBD
$350K
TBD
Provenance and
Integrity
Secure Grid
Sensor info
400K
$1m
$400K
TBD
250K
Congress
300K
150K
TBD
100K
Other
Other sources are agencies and consortium; e.g. with OGC proposals to NGA
Privacy is mainly Murat’s area with some support from Bhavani
Currently 2m is a line item in the budget for secure grid; 500K/yr to UTD
3/27/2016 09:52
1-14
What other resources do we need?
0 Three more faculty in DAS, Digital Forensics, Data Mining either
assistant or associate professor level from top schools –
- Stanford, CMU, Berkeley, MIT for data mining
- Include UIUC, Purdue and GATech for DAS and Digital Forensics
0 Laboratory space to build an open test bed / laboratory so that we
become a showcase for the government in AIS and related areas
- Demonstrate Assured Information Sharing with data (text,
images, etc.) coming from different sources and demonstrate
through semantic web technologies (sort of a war room)
- Will use SAIAL resources as needed
0 Secretary for managing our papers, open source, patents, projects
3/27/2016 09:52
1-15
What Technical/Professional Accomplishments do
we want to achieve in the next 3-5 years?
We hope UTD
Research in DAS
will result in the
Components of
following
Publications in
top journals
and conferences
IEEE/ACM
Keynotes
Senior member of
IEEE, IEEE/ACM
Fellows,
International
awards
Conference chairs
Consortia/
Standards:
e.g., OGC, Oracle,
Raytheon consortia;
DETER community
Develop open source
Software, Patents
Technology transfer
to companies
Government
Test beds
Books based on
PhD thesis
e.g., Contract signed
For book #1 on data
mining applications
Awad, Khan and
Thuraisingham
UTD DAS Team
will work together
to establish
A government
Southwest Research
Center in this area
For the govt.