Introduction - The University of Texas at Dallas
Download
Report
Transcript Introduction - The University of Texas at Dallas
Cyber Security Essentials
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
May 29, 2015
Text Book
CISSP All-in-One Exam Guide, Sixth Edition
Author: Shon Harris
Publisher: McGraw-Hill Osborne Media; 6th edition
Language: English
Course Rules
Unless special permission is obtained from the instructor, each
student will work individually.
Copying material from other sources will not be permitted unless the
source is properly referenced.
Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department
No copying of anything from a paper except for about 10 words in
quotes. No copying of figure even if it is attributed. You have to draw
all figures.
Course Attendance is Mandatory unless prior permission is obtained
Course Plan
Exam #1: 20 points – July 10
Exam #2: 20 points - August 7??
Two term papers 10 points each: Total 20 points
- June 26, July 24
Programming project : 20 points
- July 31
Two Assignments: 10 points each: Total: 20 points
- June 19, July 17
Assignment #1
Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Assignment #2
Suppose you are give the assignment of the Chief Security Officer of
a major bank (e.g., Bank of America) or a Major hospital (e.g.,
Massachusetts General)
Discuss the steps you need to take with respect to the following (you
need to keep the following in mining: Confidentiality, Integrity and
Availability;; you also need to understand the requirements of
banking or healthcare applications and the policies may be:
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Papers
Write two papers on any topic discussed in class (that is, any of the
10 CISSP modules)
Sample format - 1
Abstract
Introduction
Survey topics – e..g, access control models
Analysis (compare the models)
Future Directions
References
Sample format - 2
Abstract
Introduction
Literature survey and what are the limitations
Your own approach and why it is better
Future Directions
References
Project
Software
Design document
- Project description
- Architecture (prefer with a picture) and description (software –
e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Sample projects
Risk analysis tool
Query modification for XACML
Data mining tool for malware
Trust management system
-
Paper: Original – you can use material from
sources, reword (redraw) and give reference
Abstract
Introduction
Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey
Conclusions
References
- ([1]. [2], - - -[THUR99].
- Embed the reference also within the text.
- E.g., Tim Berners Lee has defined the semantic web to be -[2].
--
Contact
For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School
of Engineering and Computer Science EC31, The University of
Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:
- http://www.utdallas.edu/~bxt043000/
Index to Lectures for Exam #2
Lecture #3: Data Mining for Malware Detection
Lecture #7: Digital Forensics
Lecture #8: Privacy
Lecture #11: Access Control in Data Management Systems
Lecture #13: Secure Data Architectures
Lecture #20: Introduction to SOA, Secure SOA, Secure Cloud
Lecture #21: Secure Cloud Computing (some duplication with Lecture #20)
Lecture #22: Comprehensive Overview of Cloud Computing
Lecture #23: Secure Publication of XML Documents in the Cloud
Lecture #24: Cloud-based Assured Information Sharing
Lecture #25: Secure Social Media
Also read the paper Managing Multi-Jurisdictional Requirements in the
Cloud: Towards a Computational Legal Landscape, David Gordon and Travis
Breaux; ACM CCS Cloud Security Workshop 2011
Papers to Read for Exam #2
Managing Multi-Jurisdictional Requirements in the Cloud: Towards a
Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS
Cloud Security Workshop 2011
Access Control in Data Management Systems (Lecture #11)
-
Suggested Papers
-
RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman:
Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM
Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages
DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional
Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)
-
Privacy (Lecture #8)
-
Suggested papers
-
Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD
Conference 2000: 439-450
Papers to Read for Exam #2
Data Mining for Malware Detection (Lecture #3)
-
Suggested Papers
-
Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to
Detect Malicious Executables. ICC 2007: 1443-1448
Secure Third Part Publication of XML Data in the Cloud (Lecture #23)
-
Suggested Papers
-
Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar
Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE
Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections, proofs not
needed for exam)
Cloud-basd Assured Information Sharing (Lecture #24)
-
Suggested Papers
-
Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M.
Thuraisingham: A cloud-based RDF policy engine for assured information sharing.
SACMAT 2012: 113-116
Papers to Read for Exam #2
Secure Social Media (Lecture #25)
-
Suggested Papers
-
Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani
M. Thuraisingham: A semantic web based framework for social network access
control. SACMAT 2009: 177-186
-
Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, Bhavani M.
Thuraisingham: Inferring private information using social network data. WWW
2009: 1145-1146
Papers to Read for Presentations: CODASPY
2011
Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity
clone attacks on online social networks. 27-38 (Sachin)
Philip W. L. Fong: Relationship-based access control: protection model and policy
language. 191-202
Mohammad Jafari, Philip W. L. Fong, Reihaneh Safavi-Naini, Ken Barker, Nicholas
Paul Sheppard: Towards defining semantic foundations for purpose-based privacy
policies. 213-224 (Jane)
Igor Bilogrevic, Murtuza Jadliwala, Jean-Pierre Hubaux, Imad Aad, Valtteri Niemi:
Privacy-preserving activity scheduling on mobile devices. 261-272
Barbara Carminati, Elena Ferrari, Sandro Morasca, Davide Taibi: A probabilitybased approach to modeling the risk of unauthorized propagation of information in
on-line social networks. 51-62 (Chitra)
Papers to Read for Presentations: CODASPY
2012
Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online:
on user privacy in social networks. 37-48 (Jason)
Suhendry Effendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in
social networks. 61-70 (Kruthika)
Ninghui Li, Haining Chen, Elisa Bertino: On practical specification and
enforcement of obligations. 71-82 (Ankita)
Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo,
Alessandra Russo: Risk-based security decisions under uncertainty. 157-168
(Navya)
Musheer Ahmed, Mustaque Ahamad: Protecting health information on mobile
devices. 229-240 (Ajay)
Papers to Read for Presentations: CODASPY
2013
Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible
method of exposing privacy-related behavior in android applications to end
users. 221-232 (Akshay)
Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino: FENCE: continuous access
control enforcement in dynamic data stream environments. 243-254
Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in
public cloud. 341-352 (Ashwin)
Majid Arianezhad, L. Jean Camp, Timothy Kelley, Douglas Stebila:
Comparative eye tracking of experts and novices in web single sign-on. 105116
Papers to Read for Presentations: CODASPY
2014
William C. Garrison III, Yechen Qiao, Adam J. Lee: On the suitability of
dissemination-centric access control systems for group-centric sharing. 1-12
(Pratyusha)
Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in
federated social computing systems. 75-86 (Aishwarya)
Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party
android phones. 175-186
Tien Tuan Anh Dinh, Anwitaman Datta: Streamforce: outsourcing access
control enforcement for stream data to the clouds. 13-24 (Arpita)
Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack
against encrypted range queries on outsourced databases. 235-246
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2011
All Your Clouds are Belong to us - Security Analysis of Cloud Management
Interfaces
Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils
Gruschka and Luigi Lo Iacono (Kirupa)
Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted
Applications
Andrew Brown and Jeff Chase (Rohit)
Detecting Fraudulent Use of Cloud Resources
Joseph Idziorek, Mark Tannian and Doug Jacobson
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2012
Fast Dynamic Extracted Honeypots in Cloud Computing
Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Anirudh)
Unity: Secure and Durable Personal Cloud Storage
Beom Heyn Kim, Wei Huang, David Lie
Exploiting Split Browsers for Efficiently Protecting User Data
Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos
Keromytis (Rahul)
CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud
Ioannis Papagiannis, Peter Pietzuch
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2013
Structural Cloud Audits that Protect Private Information
Hongda Xiao; Bryan Ford; Joan Feigenbaum
Cloudoscopy: Services Discovery and Topology Mapping
Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Ahmed)
Cloudsweeper: Enabling Data-Centric Document Management for Secure
Cloud Archives
Chris Kanich; Peter Snyder (Greeshma)
Supporting Complex Queries and Access Policies for Multi-user Encrypted
Databases
Muhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2014
CloudSafetyNet: Detecting Data Leakage between Cloud Tenants
Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian
Shand; Ruediger Kapitza; Peter Pietzuch (Sowmaya)
Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage,
Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti
A Framework for Outsourcing of Secure Computation
Jesper Buus Nielsen; Claudio Orlandi (Ajay)
Guardians of the Clouds: When Identity Providers Fail
Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk
(Viswesh)
Your Software at my Service
Vladislav Mladenov, Christian Mainka; Florian Feldmann; Julian Krautwald;
Joerg Schwenk