Lecture 1 - The University of Texas at Dallas
Download
Report
Transcript Lecture 1 - The University of Texas at Dallas
Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #1
Introduction to Data and Applications Security and
Digital Forensics
August 20, 2007
Outline
Data and Applications Security
-
Developments and Directions
Some Emerging Technologies
-
Digital watermarking, Biometrics, Digital Forensics, - - -
Developments in Data and Applications
Security: 1975 - Present
Access Control for Systems R and Ingres (mid 1970s)
Multilevel secure database systems (1980 – present)
- Relational database systems: research prototypes and products;
Distributed database systems: research prototypes and some
operational systems; Object data systems; Inference problem
and deductive database system; Transactions
Recent developments in Secure Data Management (1996 – Present)
- Secure data warehousing, Role-based access control (RBAC); Ecommerce; XML security and Secure Semantic Web; Data
mining for intrusion detection and national security; Privacy;
Dependable data management; Secure knowledge management
and collaboration; emerging technologies such as biometrics
and digital forensics
Developments in Data and Applications
Security: Multilevel Secure Databases - I
Air Force Summer Study in 1982
Early systems based on Integrity Lock approach
Systems in the mid to late 1980s, early 90s
- E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and
ASD Views by TRW
- Prototypes and commercial products
- Trusted Database Interpretation and Evaluation of Commercial
Products
Secure Distributed Databases (late 80s to mid 90s)
- Architectures; Algorithms and Prototype for distributed query
processing; Simulation of distributed transaction management
and concurrency control algorithms; Secure federated data
management
Developments in Data and Applications
Security: Multilevel Secure Databases - II
Inference Problem (mid 80s to mid 90s)
- Unsolvability of the inference problem; Security constraint
processing during query, update and database design
operations; Semantic models and conceptual structures
Secure Object Databases and Systems (late 80s to mid 90s)
- Secure object models; Distributed object systems security;
Object modeling for designing secure applications; Secure
multimedia data management
Secure Transactions (1990s)
- Single Level/ Multilevel Transactions; Secure recovery and
commit protocols
Some Directions and Challenges for Data and
Applications Security - I
Secure semantic web
- Security models
Secure Information Integration
- How do you securely integrate numerous and
heterogeneous data sources on the web and otherwise
Secure Sensor Information Management
- Fusing and managing data/information from distributed
and autonomous sensors
Secure Dependable Information Management
- Integrating Security, Real-time Processing and Fault
Tolerance
Data Sharing vs. Privacy
- Federated database architectures?
Some Directions and Challenges for Data and
Applications Security - II
Data mining and knowledge discovery for intrusion detection
- Need realistic models; real-time data mining
Secure knowledge management
- Protect the assets and intellectual rights of an organization
Information assurance, Infrastructure protection, Access
Control
- Insider cyber-threat analysis, Protecting national databases,
Role-based access control for emerging applications
Security for emerging applications
- Geospatial, Biomedical, E-Commerce, etc.
Other Directions
- Trust and Economics, Trust Management/Negotiation, Secure
Peer-to-peer computing, Emerging technologies such as digital
forensics
Emerging Technologies in Data and Applications
Security
Digital Identity Management
Identity Theft Management
Digital Watermarking
Risk Analysis
Economic Analysis
Secure Electronic Voting Machines
Biometrics
Digital Forensics
Digital Identity Management
Digital identity is the identity that a user has to access an
electronic resource
A person could have multiple identities
- A physician could have an identity to access medical
resources and another to access his bank accounts
Digital identity management is about managing the multiple
identities
- Manage databases that store and retrieve identities
- Resolve conflicts and heterogeneity
- Make associations
- Provide security
Ontology management for identity management is an
emerging research area
Digital Identity Management - II
Federated Identity Management
- Corporations work with each other across organizational
boundaries with the concept of federated identity
- Each corporation has its own identity and may belong to
multiple federations
Individual identity management within an organization
and federated identity management across organizations
Technologies for identity management
- Database management, data mining, ontology
management, federated computing
-
Identity Theft Management
Need for secure identity management
- Ease the burden of managing numerous identities
- Prevent misuse of identity: preventing identity theft
Identity theft is stealing another person’s digital identity
Techniques for preventing identity thefts include
- Access control, Encryption, Digital Signatures
- A merchant encrypts the data and signs with the public
-
key of the recipient
Recipient decrypts with his private key
Steganography and Digital Watermarking
Steganography is about hiding information within other
information
- E.g., hidden information is the message that terrorist may
be sending to their pees in different parts of the worlds
- Information may be hidden in valid texts, images, films
etc.
- Difficult to be detected by the unsuspecting human
Steganalysis is about developing techniques that can analyze
text, images, video and detect hidden messages
- May use data mining techniques to detect hidden patters
Steganograophy makes the task of the Cyber crime expert
difficult as he/she ahs to analyze for hidden information
- Communication protocols are being developed
Steganography and Digital Watermarking - II
Digital water marking is about inserting information without
being detected for valid purposes
- It has applications in copyright protection
- A manufacturer may use digital watermarking to copyright
a particular music or video without being noticed
- When music is copies and copyright is violated, one can
detect two the real owner is by examining the copyright
embedded in the music or video
Risk Analysis
Analyzing risks
- Before installing a secure system or a network one needs
to conduct a risk analysis study
- What are the threats? What are the risks?
Various types of risk analysis methods
Quantitative approach: Events are ranked in the order of
risks and decisions are made based on then risks
Qualitative approach: estimates are used for risks
-
Economics Analysis
Security vs Cost
- If risks are high and damage is significant then it may be
worth the cost of incorporating security
- If risks and damage are not high, then security may be an
additional cost burden
Economists and technologists need to work together
- Develop cost models
- Cost vs. Risk/Threat study
Secure Electronic Voting Machines
We are slowly migrating to electronic voting machines
Current electronic machines have many security
vulnerabilities
A person can log into the system multiple times from different
parts of the country and cast his/her vote
Insufficient techniques for ensuring that a person can vote
only once
The systems may be attacked and compromised
Solutions are being developed
Johns Hopkins University is one of the leaders in the field of
secure electronic voting machines
Biometrics
Early Identication and Authentication (I&A) systems, were
based on passwords
Recently physical characteristics of a person are being sued
for identification
- Fingerprinting
- Facial features
- Iris scans
- Blood circulation
- Facial expressions
Biometrics techniques will provide access not only to
computers but also to building and homes
Other Applications
Digital Forensics
Digital forensics is about the investigation of crime including
using digital/computer methods
More formally: “Digital forensics, also known as computer
forensics, involved the preservation, identification, extraction,
and documentation of computer evidence stored as data or
magnetically encoded information”, by John Vacca
Digital evidence may be used to analyze cyber crime (e.g.
Worms and virus), physical crime (e.g., homicide) or crime
committed through the use of computers (e.g., child
pornography)
Digital Forensics - II
The steps include the following:
- When a crime occurs, law enforcement officials gather
every piece of evidence including information from the
crime scene as well as from the computers
- The evidence gathered is analyzed
- Techniques include
Intrusion detection
Data Mining
Analyzing log files
Analyze email messages
Lawyers, Psychologists, Sociologists, Crime investigators
and Technologists have to work together
International Journal of Digital Evidence is a useful source
Information Sharing between Trustworthy, Semitrustworthy and Untrustworthy Partners
Data/Policy for Federation
Export
Data/Policy
Export
Data/Policy
Export
Data/Policy
Component
Data/Policy for
Agency A
Component
Data/Policy for
Agency C
Component
Data/Policy for
Agency B