Introduction - The University of Texas at Dallas
Cyber Security Essentials
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
Course Outline
May 31: Introduction to Security, Malware
June 7: Security Governance and Risks / Data mining overview
June 14: Access Control / Access control and policy for data
management /Data Mining for Security
June 21: Security architecture / Access control for web services and
the cloud/Identity Management
June 28: Cryptography / Identity Management / Exam #1 Review
July 5: Exam #1 / Guest Lecture
July 12: Network Security / Secure XML Publishing
July 19: Data and Applications Security / Secure Data Architectures
/ Assured Cloud Computing / Securing Social Networks
July 26: Legal Aspects/Forensics / Privacy Preserving Data
Mining/Operations Security/Disaster Planning / Physical Security/
Papers presented / Insider Threat/Review for Exam #2
August 9: Exam #2
Text Book
CISSP All-in-One Exam Guide, Fifth Edition
Author: Shon Harris
Hardcover: 1216 pages
Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010)
Language: English
ISBN-10: 0071602178
ISBN-13: 978-0071602174
Course Rules
Unless special permission is obtained from the instructor, each
student will work individually.
Copying material from other sources will not be permitted unless the
source is properly referenced.
Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department.
No copying of anything from a paper except for about 10 words in
quotes. No copying of figures, even if they are attributed. You have to draw
all figures.
COURSE ATTENDANCE IS MANDATORY
Course Plan
Exam #1: 20 points – July 5
Exam #2: 20 points - August 9
Two term papers 10 points each: Total 20 points
- June 28, July 27
Programming project : 20 points
- August 2
Two Assignments: 10 points each: Total: 20 points
- June 21, July 19
Assignment #1
Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Assignment #2
Suppose you are given the assignment of Chief Security Officer of
a major bank (e.g., Bank of America) or a major hospital (e.g.,
Massachusetts General).
Discuss the steps you need to take with respect to the following (you
need to keep the following in mind: Confidentiality, Integrity and
Availability; you also need to understand the requirements of
banking or healthcare applications and what the policies may be):
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Papers
Write two papers on any topic discussed in class (that is, any of the
10 CISSP modules)
Sample format - 1
Abstract
Introduction
Survey topics – e.g., access control models
Analysis (compare the models)
Future Directions
References
Sample format - 2
Abstract
Introduction
Literature survey and what are the limitations
Your own approach and why it is better
Future Directions
References
Contact
For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center
- Erik Jonsson School of Engineering and Computer Science
- EC31, The University of Texas at Dallas
- Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL: http://www.utdallas.edu/~bxt043000/
Project
Software
Design document
- Project description
- Architecture (prefer with a picture) and description (software –
e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Sample projects
Risk analysis tool
Query modification for XACML
Data mining tool for malware
Trust management system
Paper: Original – you can use material from
sources, reword (redraw) and give reference
Abstract
Introduction
Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey
Conclusions
References
- [1], [2], ..., [THUR99].
- Embed the reference also within the text.
- E.g., Tim Berners-Lee has defined the semantic web to be ... [2].
Papers to read for Exam #1
Identity Management
- David W. Chadwick, George Inman: Attribute Aggregation in
Federated Identity Management. IEEE Computer 42(5): 33-40
(2009)
Role-based Access control
- Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E.
Youman: Role-Based Access Control Models. IEEE Computer
29(2): 38-47 (1996)
Usage Control
- First 20 pages or so of
- Jaehong Park, Ravi S. Sandhu: The UCONABC usage control
model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004)
Dissemination Control
- Roshan K. Thomas, Ravi S. Sandhu: Towards a Multidimensional Characterization of Dissemination Control. POLICY
2004: 197-200
Index to Exam #1
Lecture 3: Information Security Governance, Risk (Q1)
Lecture 5: Data Mining for Malware Detection (Q2)
Lecture 6: Access Control (Q3)
Lecture 7: Access Control in Data Management Systems (Q4)
- Also includes the 3 papers on role based access control, Usage
control and dissemination control (Q5)
Lecture 8: Security Architecture and Design (Q6)
Lecture 9: Security for SOA/Web Services (Q7)
Lecture 10: Secure Cloud Computing (Q8)
Lecture 12: Cryptography (Q9)
Lecture 14: Charts on Identity Management (based on Identity
Management paper) (Q10)
Extra credit 2 questions
Papers to read for Exam #2
Security and Privacy for Social Networks
- Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu,
Bhavani M. Thuraisingham: Inferring private information using
social network data. WWW 2009: 1145-1146
- Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat
Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based
framework for social network access control. SACMAT 2009:
177-186
Secure XML Publishing
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M.
Thuraisingham, Amar Gupta: Selective and Authentic Third-Party
Distribution of XML Documents. IEEE Trans. Knowl. Data
Eng. 16(10): 1263-1278 (2004)
Assuring Information Sharing in the Cloud
- Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav
Khadilkar, Bhavani M. Thuraisingham: Design and
Implementation of a Cloud-Based Assured Information Sharing
System. 36-50
Papers presented by the TA – posted in Lecture 16 (July 5, 2013)
Large-scale Plagiarism Detection and Authorship attribution
- (1) Juxtapp: A Scalable System for Detecting Code Reuse
Among Android Applications
http://www.cs.berkeley.edu/~dawnsong/papers/2012%20juxtapp_dimva12.pdf
- (2) On the Feasibility of Internet-Scale Author Identification
http://www.cs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20InternetScale%20Author%20Identification.pdf
Privacy
- Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving
Data Mining. SIGMOD Conference 2000: 439-450 (presented
August 2, 2013, posted Lecture 27)
Overview of patents, trademarks, copyright, trade secret: posted
Lecture 26 (presented August 2, 2013)
Insider Threat Detection (Lecture 28)
- Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham,
Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using
Stream Mining and Graph Mining. SocialCom/PASSAT 2011:
1102-1110
Index to Exam #2
Lecture 11: Assured Cloud Computing for Information Sharing
Lecture 15: Telecommunications and Network Security
Lecture 16: Two papers presented by TA on July 5
Large-scale Plagiarism Detection and Authorship
attribution
Lecture 17: Data and Applications Development Security
Lecture 18: Multilevel Secure Data Mgmt / Secure Data Architectures
Lecture 19: Security and Privacy in Social Networks
Lecture 20: Legal, Regulations, Compliance and Investigations
Lecture 21: Physical (Environmental) Security
Lecture 22: Business Continuity and Disaster Recovery Planning
Lecture 23: Operations Security
Lecture 24: Digital Forensics
Lecture 25: Privacy
Lecture 26 – Patents, Trademarks, Copyright, Trade secret
Lecture 27 – Privacy preserving data mining
Lecture 28 – Insider Threat detection
Lecture 29 – Cyber Operations