Data and Applications Security - The University of Texas at Dallas

Download Report

Transcript Data and Applications Security - The University of Texas at Dallas

Cyber Security Research at the
University of Texas at Dallas
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
[email protected]
April 23, 2007
University of Texas at Dallas
About the Cyber Security
Research Center

NSA/DHS Center for Excellence in Information Assurance
Education (2004, 2007)
 Over 20 Faculty in Jonsson School conducting research in Cyber
Security
 Collaborating with researchers in the School of Management on
Risk analysis and Game theory applications
 Beginning collaboration with UT Southwestern medical Center
 Joint projects and proposals with leading researchers
 Part of UTD’s CyberSecuirty and Emergency Preparedness
Institute
Executive Director: Prof. Douglas Harris
University of Texas at Dallas
Cyber Security
Research Areas at UTD






Network Security
 Secure wireless and sensor networks
Systems and Language Security
 Embedded systems security, Buffer overflow defense
Data and Applications Security
 Information sharing, Geospatial data management, Surveillance,
Secure web services, Privacy, Dependable information management,
Intrusion detection
Security Theory and Protocols
 Secure group communication
Security Engineering
 Secure component-based software
Cross Cutting Themes
 Vulnerability analysis, Access control
University of Texas at Dallas
Our Model: R&D, Technology Transfer
Standardization and Commercialization
 Basic Research (6-1 Type)




Funding agencies such as NSF, AFOSR, etc. Publish our research in
top journals (ACM and IEEE Transactions)
Applied Research
 Some federal funding (e.g., from government programs) and
Commercial Corporations (e.g., Raytheon); Our current collaboration
with AFRL-ARL
Technology Transfer / Development
Work with corporations such as Raytheon to showcase our research
to sponsors (e.g., GEOINT) and transfer research to operational
programs such as DCGS
Standardization
Our collaborations with OGC and standardization of our research
(e.g., GRDF)
Commercialization
 Patents, Work with VCs, Corporations, SBIR, STTR for
commercialization of our tools (e.g., our work on data mining tools)
University of Texas at Dallas
Technical and Professional
Accomplishments

Publications of research in top journals and conferences, books
 IEEE Transactions, ACM Transactions, 8 books published and 2 books
in preparation including one on UTD research (Data Mining Applications,
Awad, Khan and Thuraisingham)
 Member of Editorial Boards/Editor in Chief
 Journal of Computer Security, ACM Transactions on Information and
Systems Security, IEEE Transactions on Dependable and Secure
Computing, IEEE Transactions on Knowledge and Data Engineering,
Computer Standards and Interfaces - -  Advisory Boards / Memberships/Other
Purdue University CS Department, Invitations to write articles in
Encyclopedia Britannica on data mining, Keynote addresses, Talks at
DFW NAFTA and Chamber of Commerce, Commercialization
discussions of data mining tools for security
 Awards and Fellowships
 IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement
Award, IEEE Senior Members
University of Texas at Dallas
Data and Applications Security
Research at UTD
 Core Group
- Prof. Bhavai Thuraisingham (Professor & Director, Cyber
Security Research Center)
- Prof. Latifur Khan (Director, Data Mining Laboratory)
- Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.)
- Prof. Kevin Hamlen (Peer to Peer systems Security, Joined 2006
from Cornell U.)
- Prof. I-Ling Yen (Director, Web Services Lab)
- Prof. Prabhakaran (Director, Motion Capture Lab)
 Students and Funding
- Over 20 PhD Students, 40 MS students (combined)
- Research grants: Air Force Office of Scientific Research (2),
Raytheon Corporation (2), Nokia Corporation, National Science
Foundation (2), AFRL-ARL Collaboration, TX State
University of Texas at Dallas
Assured Information Sharing
Data/Policy for Coalition
Publish
Data/Policy
Publish
Data/Policy
Publish
Data/Policy
Component
Data/Policy for
Agency A
Research funded by two
grants from AFOSR
Component
Data/Policy for
Agency C
Component
Data/Policy for
Agency B
University of Texas at Dallas
1.
Friendly partners
2.
Semi-honest partners
3.
Untrustworthy partners
Secure Semantic Web
0Machine Understandable Web Pages
0What are we doing: CPT Policy enforcement (Confidentiality, Privacy, Trust)
T
R
U
S
T
P
R
I
V
A
C
Y
Logic, Proof and Trust
Rules/Query
RDF, Ontologies
XML, XML Schemas
URI, UNICODE
University of Texas at Dallas
C
O
N
F
I
D
E
N
T
I
L
A
I
T
Y
Secure Geospatial Data Management
Data Source A
Data Source B
Data Source C
Semantic Metadata
Extraction
Decision Centric Fusion
Geospatial data
interoperability through
web services
Geospatial data mining
Geospatial semantic web
Tools for
Analysts
SECURITY/ QUALITY
Research Supported by Raytheon on pne grant; working on robust prototypes on
second grant
University of Texas at Dallas
Framework for Geospatial Data Security
DATA PRESENTATION COMPONENTS
Open
Geospatial
Consortium
Framework
Traditional GIS
GIS Web Services
Wrapper
SECURITY LAYER
Core &
Application
Schemas
Geospatial
Features
Geography
Markup
Language
Authentic
Data Publication
DAC/RBAC Policy
Specification
Policy Reasoning
Engine
Access Control
Module
Trust & Privacy
Management
Auditing
Misuse Detection
Metadata
DATA ACCESS LAYER
Geospatial Data Registration
spatial and temporal
registration of geospatial data
Data Integration Services
&
Data Repository Access
Geospatial
Data
Repositories
University of Texas at Dallas
Suspicious Event Detection: Surveillance
 Defined an event representation measure based on low-level features
 Defined “normal” and “suspicious” behavior and classify events in
unlabeled video sequences appropriately
 Tool to determine whether events are suspicious or not
 Privacy preserving surveillance
University of Texas at Dallas
Surveillance and Privacy
Raw video surveillance data
Face Detection and
Face
Derecognizing
system
Faces of trusted people
derecognized to
preserve privacy
Suspicious Event
Detection System
Manual Inspection
of video data
Suspicious people
found
Suspicious events
found
Report of security personnel
University of Texas at Dallas
Comprehensive
security report
listing suspicious
events and people
detected
Social Networks
 Individuals engaged in suspicious or undesirable behavior rarely
act alone
 We can infer than those associated with a person positively
identified as suspicious have a high probability of being either:
Accomplices (participants in suspicious activity)
Witnesses (observers of suspicious activity)
 Making these assumptions, we create a context of association
between users of a communication network
-
University of Texas at Dallas
Privacy Preserving Data Mining
 Prevent useful results from mining
- Introduce “cover stories” to give “false” results
- Only make a sample of data available so that an adversary is
unable to come up with useful rules and predictive functions
 Randomization and Perturbation
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly
affecting the data mining results
- Give range of values for results instead of exact values
 Secure Multi-party Computation
- Each party knows its own inputs; encryption techniques used to
compute final results
University of Texas at Dallas
Data Mining for Intrusion Detection / Worm
Detection
Training
Data
Classification
Hierarchical
Clustering (DGSOT)
SVM Class Training
Testing
DGSOT: Dynamically growing self organizing tree
SVM: Support Vector Machine
Testing Data
University of Texas at Dallas
Example Projects
 Assured Information Sharing
-
Secure Semantic Web Technologies
Social Networks and game playing
Privacy Preserving Data Mining
 Geospatial Data Management
-
Secure Geospatial semantic web
Geospatial data mining
 Surveillance
-
Suspicious Event Detention
Privacy preserving Surveillance
Automatic Face Detection, RFID technologies
 Cross Cutting Themes
-
Data Mining for Security Applications (e.g., Intrusion detection, Mining
Arabic Documents); Dependable Information Management
University of Texas at Dallas
Other Research in Cyber Security
Single Packet IP Traceback (Prof. Kamil Sarac)
 Goal: trace an IP packet back to its source
 Usage of IP traceback
- Internet forensic analysis
- Denial-of-service attack defense
 Design issues for practical IP traceback
- Reducing overhead on routers
- Supporting incremental and partial deployment
- Traceback speed and efficiency
University of Texas at Dallas
Protecting Computer Security via
Hardware/Software: Prof. Edwin Sha
Hardware/Software Defender
The most widely exploited vulnerabilities
are buffer overflow related, causing
billion dollars of damage.
Almost all effective worms use this
vulnerability to attack.
Eg. Internet Worm, Code Red, MS
Blaster, Sasser worm, etc.
Design new instructions and hardware to avoid
buffer overflow vulnerabilities.
Stack Smashing Attack Protection - Two
methods proposed:
Hardware Boundary Check
New Secure Function Call instructions:
Scall and Sret.
Function Pointer Attack Protection
New secure instruction for jumping function
pointer: SJMP
1.
A complete protection from buffer overflow
attacks.
2.
An efficient checking mechanism for a
system integrator.
3.
Compiler is easy to handle.
4.
Hardware and timing overhead are little.
For the most common stack smashing
attacks, HSDefender provides a complete
protection.
For the function pointer attack, it makes
an hacker extremely hard to change a
function pointer leading to his hostile
code.
With little time overhead (0.098%), it can
be applied to critical real-time systems.
University of Texas at Dallas
Buffer Overflow Attacks:
Prof. Gupta
 Buffer Overflow Attacks (B.O.A): A majority of attacks for which





advisories are issued are based on B.O.A.
Other forms of attacks, such as distributed denial of service attacks,
sometimes rely on B.O.A.
B.O.A. exploit the memory organization of the traditional activation
stack model to overwrite the return address stored on the stack.
This memory organization can be slightly changed so as to prevent
buffer overflows overwriting return addresses.
Our system automatically transforms code binaries in accordance to
this modified memory organization, thereby preventing most
common forms of buffer overflow attacks.
Our tool (under development) can be used on third-party software
and off-the-shelf products, and does not require access to source
code.
University of Texas at Dallas
Information Assurance
Education (Prof. Gupta)

Current Courses
Introduction to Computer and Network Security: Prof. Sha
Cryptography: Profs. Sudborough, Murat
Data and Applications Security: Prof. Bhavani Thuraisingham
Biometrics: Prof. Bhavani
Privacy: Prof. Murat Kantarcioglu
Secure Language, Prof. Kevin Hamlen
Digital Forensics: Prof. Bhavani Thuraisingham
Trustworthy semantic web: Prof. Bhavani
 NSA/DHS Center for Information Assurance Education (2004, 2007)
Courses at AFCEA and AF Bases
Knowledge Management, Data Mining for Counter-terrorism, Data Security,
preparing a course on SOA and NCES with Prof. Alex Levis - GMU and Prof.
Hal Sorenson - UCSD)
University of Texas at Dallas
Development Room
(19.5’ x 29’)
Mainframes
2
PC’s
54
Work Stations
6
Laptops
5
Servers
7
Switches
4
Routers
10
PDA’s
15
Access Points
8
Network Analyzer 1
Protocol Analyzer 1
Development
Software & Hardware
Testing Area
(22’ x 31.5’)
Cable tray
Attenuation levels of radiated signals as tested to MIL-STD-285
Magnetic Mode
60 dB at 10KHz to 100KHz at 100dB
Electric Mode
100 dB from 1 KHz to 1 GHz
Plane Ware and Microwave
100 dB from 1 GHz to 10 GHz
Cable tray
Security
Analysis
and
SAIAL Laboratory
(Security
Analysis
and
Information
Assurance
Information
Assurance
Laboratory)Laboratory
Cable tray
Cable tray
Cable tray
University of Texas at Dallas
Wireless Network
Area
(8’ x 19’)
Directions and Plans

Take Advantage of SAIAL Lab
Opportunity for Information Operations portion of the AFOSR
project
 Increase focus areas
Major focus the past 2 years has been on Data Security;
Expand the focus utilizing our strengths and state/federal interests
Digital forensics is becoming an important area
 Interdisciplinary research and multiple domains
Healthcare, Telecom, etc.
Collaboration
Integrate programs across the schools at UTD
Increase collaboration with our partners
 Our major goal is to establish a Center Scale Project
University of Texas at Dallas