Information Assurance and Security. Eugene Spafford, Professor, Department of Computer Sciences, Purdue University. Outline: Security at Purdue, COAST/CERIAS; Resources, Sponsors; Ongoing Research Projects; Proposed QoS Research.
Information Assurance and Security
Eugene Spafford
Professor
Department of Computer Sciences
Purdue University

Outline
• Security at Purdue, COAST/CERIAS
• Resources, Sponsors
• Ongoing Research Projects
• Proposed QoS Research

Information Security At Purdue
• Information Security started in 1979
• Many courses offered (grad, undergrad)
• COAST (1992-97)
• CERIAS (1998)
  • University-wide
  • Multidisciplinary
Center Resources
• 32 Sun Workstations
• 2 Sun Enterprise Servers
• 9 MacOS Platforms
• FORE ATM cloud: 40 host adapters, 2 BX200, 4 FORErunners
• 3 486/586 PCs w/Win 95
• 4 Pentium Pro BSDI/Linux
• 12 Pentium II WinNT
• 5 HP Printers
• 2 Tektronix Color Printers
• 3 Cisco Routers
• 7507 Enterprise router
• 3 Sunscreen firewalls
• 2 PrivateNet firewalls
• 1 Firewall-1 firewall
• 2 Pentium laptops
• Assorted other dedicated hardware & software
On-Going Projects: Brief Synopses
• Intrusion Detection
  • AAFID agent-based system
  • Characterizing Misuse
• Audit Analysis
  • Audit content
  • Audit representation & compression
• Firewalls and Network Protection
  • Firewall evaluation lab
  • Firewall structure
• Vulnerability Testing

On-Going Projects (1)
• Vulnerability Database
  • Data Mining
  • Taxonomical Work
  • Software Testing
• Archive Development
  • Organization and Protection
  • Archival document entry
• Secure outsourcing
• Watermarking

On-Going Projects (2)
• ATM Security
• Network vulnerability analysis
• Database & Multimedia security
• Use of information-based terrorism
• Attack traceback analysis
• Privacy ethics & protections
• Best practices survey
Current Sponsors
• Founding Sponsors: Lilly Endowment
• Tier I Sponsors: Andersen Consulting, AT&T Labs/GeoPlex, Cisco Systems, GE Laboratories, Global Integrity Corp., Hewlett-Packard Corp., Intel Corporation, Microsoft, MITRE, Schlumberger, Sun Microsystems, Trident Data Systems, Tripwire Security Systems, TRW
• Tier II Sponsors: Axent
• Other Donors: Addison-Wesley, INITA, L3 Communications, O'Reilly & Associates, RiskWatch, Tektronix

Potential Sponsors
• Boeing
• Citicorp
• Compaq
• Department of Energy/LANL/Sandia
• Motorola
• NIST
• Swiss Bank Corporation
Security QoS
• Security services
  • E.g., audit, intrusion detection, …
• Many levels of service
  • Multiple "alarm levels" in an ID system
  • Multiple levels of audit
• Costly in terms of network & storage resources
  • Low (high) security levels cause small (large) footprints
• Impact on system usability/availability
  • E.g., firewall blocks UDP packets
• Security requirements differ across the network

Research Issues in Security QoS
• How does the user …
  • … specify security QoS?
  • … negotiate security QoS?
• What granularity? (host? subnet?)
  • Varies with the security service considered
• Connections with DB QoS and network QoS
  • Compete for the same resources
  • Benefit from the same techniques
• … and many more in the following examples
  • Intrusion detection
  • Audit trail service
  • Profiling service
  • Secure multimedia document service
Intrusion Detection Service (1)
• Experimental testbed: existing AAFID prototype
• Already supports multiple levels of security

Intrusion Detection Service (2)
• More research questions
  • How to handle levels of security that vary across a network
  • The interface between security-level regions
    • Where "low" meets "high"
  • What network QoS requirements should the AAFID agents make?
    • Different types of agents
  • What network QoS requirements should AAFID monitors make?
  • What DB QoS requirements should the AAFID entities make on the audit trail DB?

QoS Tradeoffs
• Footprint on network vs. level of security
  • Economic model
  • Cost-benefit analyses
  • Characterize "best" operating points
• Similar tradeoff for which security services to provide
  • Same research issues as above
  • Functionality vs. security
Audit Service
• Gives the ability to know "what happened"
• Various levels of audit
  • From "store all events" to "store nothing"
• Quality of audit required affects resources, hence system usability and availability
• Requirements can vary
  • From application to application
  • From host to host
  • From subnet to subnet
• DB techniques for audit data
  • Audit data is massive (compression issues)
  • Special nature of data and how it is used ("ephemeral records")
  • Special queries (searching for attack patterns)
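The Security QoS, QoS Tradeoffs and Audit Service slides all turn on one relation: a higher audit level costs more storage, and the cheapest level worth running is the lowest one that still answers the queries the defender needs. The model below is an added illustration of that relation, not code from the deck or from CERIAS. The four audit levels, their filters, the sample audit trail and the "failed logins before a success" query are all constructed for the example.

```python
"""Audit-service quality levels vs. storage footprint vs. detectability.

Constructed illustration: the level names, filters, event records, window
and threshold are made up for this example and come from no real system.
"""
import json
from collections import defaultdict
from typing import Callable

# Audit levels ordered from "store nothing" to "store all events".
# Each predicate says which events that level writes to the audit DB.
LEVEL_ORDER = ["none", "auth_only", "security", "all"]
LEVEL_FILTER: dict[str, Callable[[dict], bool]] = {
    "none": lambda e: False,
    "auth_only": lambda e: e["type"] in {"login_fail", "login_ok"},
    "security": lambda e: e["type"] in {"login_fail", "login_ok", "priv_change", "file_write"},
    "all": lambda e: True,
}

# Constructed audit trail; t is seconds since start of the trace.
SAMPLE_EVENTS = [
    {"t": 0, "host": "db1", "user": "alice", "type": "login_ok", "detail": "ssh from 10.0.0.5"},
    {"t": 5, "host": "db1", "user": "alice", "type": "file_read", "detail": "/etc/hosts"},
    {"t": 10, "host": "web1", "user": "bob", "type": "login_fail", "detail": "bad password"},
    {"t": 12, "host": "web1", "user": "bob", "type": "login_fail", "detail": "bad password"},
    {"t": 14, "host": "web1", "user": "bob", "type": "login_fail", "detail": "bad password"},
    {"t": 15, "host": "web1", "user": "bob", "type": "login_fail", "detail": "bad password"},
    {"t": 17, "host": "web1", "user": "bob", "type": "login_ok", "detail": "ssh from 10.0.0.9"},
    {"t": 20, "host": "web1", "user": "bob", "type": "priv_change", "detail": "sudo -i"},
    {"t": 25, "host": "web1", "user": "bob", "type": "file_write", "detail": "/etc/passwd"},
    {"t": 30, "host": "db1", "user": "alice", "type": "file_read", "detail": "/var/log/syslog"},
    {"t": 40, "host": "db1", "user": "alice", "type": "logout", "detail": ""},
]


def retain(level: str, events: list[dict]) -> list[dict]:
    """Events the given audit level actually stores."""
    keep = LEVEL_FILTER[level]
    return [e for e in events if keep(e)]


def footprint_bytes(level: str, events: list[dict]) -> int:
    """Storage footprint of a level: retained records as compact JSON lines."""
    return sum(len(json.dumps(e, separators=(",", ":"))) + 1 for e in retain(level, events))


def failed_logins_before_success(events: list[dict], window: int = 30, threshold: int = 3) -> list[tuple]:
    """Attack-pattern query: (host, user) pairs with >= threshold failed logins
    in the `window` seconds before a successful login."""
    by_key: dict[tuple, list[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_key[(e["host"], e["user"])].append(e)
    hits = []
    for key, seq in by_key.items():
        for i, e in enumerate(seq):
            if e["type"] != "login_ok":
                continue
            fails = sum(1 for p in seq[:i]
                        if p["type"] == "login_fail" and e["t"] - p["t"] <= window)
            if fails >= threshold:
                hits.append(key)
                break
    return sorted(hits)


def cheapest_sufficient_level(events: list[dict], query=failed_logins_before_success) -> str:
    """Lowest audit level whose retained records answer the query exactly as
    the full trail would: the cost-benefit operating point for that query."""
    want = query(events)
    for level in LEVEL_ORDER:
        if query(retain(level, events)) == want:
            return level
    return "all"


def tradeoff_table(events: list[dict]) -> list[tuple]:
    """(level, footprint in bytes, query result) for every audit level."""
    return [(lvl, footprint_bytes(lvl, events), failed_logins_before_success(retain(lvl, events)))
            for lvl in LEVEL_ORDER]


if __name__ == "__main__":
    for lvl, size, hits in tradeoff_table(SAMPLE_EVENTS):
        print(f"{lvl:10s} {size:5d} bytes  detects={hits}")
    print("cheapest sufficient level:", cheapest_sufficient_level(SAMPLE_EVENTS))
```

The operating point depends on the query: the brute-force pattern is answerable from the "auth_only" level, while a query over the later privilege change or file write would push the requirement up to "security", which is the slide's point that requirements vary from application to application.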
User Profiling Service
• Profile of user
  • For active email (IBM Almaden), active DB
  • For statistical ID (IDES, NIDES and related systems)
• Levels of quality (of profile)
  • Extensive and accurate implies a higher expense
  • Quality requirements are highly variable
    • E.g., active DB can do with lower quality profile than MD system
• Profiling technology
  • Similar to statistical approach to intrusion detection
  • Notion of "normal" user (or network, or DB) behavior
  • Difficult! (Curse of dimensionality, dependence, …)
  • User profile is itself stored in special DB
  • How fast should profile evolve? (Drawbacks to both extremes)
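The last bullet, how fast a profile should evolve, can be made concrete with a single-metric statistical profile in the style of the IDES/NIDES approach the slide names. The code below is an added example, not from the deck or any of those systems: an exponentially weighted mean and variance of a constructed activity metric, where alpha is the evolution rate. A sustained change in behaviour is fed to a fast-evolving and a slow-evolving profile so that both drawbacks show up in the returned numbers.

```python
"""Statistical user profile with a tunable evolution rate (alpha).

Constructed illustration: the EWMA profile, the activity metric and the
sample sequences are made up for this example and come from no real system.
"""
import math
from statistics import mean, pvariance


class EwmaProfile:
    """Profile of one user metric (e.g. commands per minute) kept as an
    exponentially weighted mean and variance. alpha is the weight a new
    observation gets relative to the accumulated history."""

    def __init__(self, alpha: float, baseline: list[float]):
        self.alpha = alpha
        self.mean = mean(baseline)
        self.var = max(pvariance(baseline), 1e-9)  # guard against a zero-variance baseline

    def score(self, x: float) -> float:
        """Deviation of x from "normal", in standard deviations."""
        return abs(x - self.mean) / math.sqrt(self.var)

    def update(self, x: float) -> None:
        """Let the profile evolve toward the new observation."""
        delta = x - self.mean
        self.mean += self.alpha * delta
        self.var = (1 - self.alpha) * (self.var + self.alpha * delta * delta)


def run_detector(alpha: float, baseline: list[float], observed: list[float],
                 threshold: float = 3.0) -> tuple[int, float]:
    """Score each observation against the current profile, then update it.
    Returns (number of alarms raised, final profile mean)."""
    prof = EwmaProfile(alpha, baseline)
    alarms = 0
    for x in observed:
        if prof.score(x) > threshold:
            alarms += 1
        prof.update(x)
    return alarms, prof.mean


BASELINE = [10, 12, 8, 10, 11, 9] * 5   # constructed "normal" activity history
SHIFTED = [30] * 20                      # constructed sustained change in behaviour


def compare_rates(fast: float = 0.5, slow: float = 0.02) -> dict[str, tuple[int, float]]:
    """Run the same shifted behaviour through a fast- and a slow-evolving profile."""
    return {
        "fast": run_detector(fast, BASELINE, SHIFTED),
        "slow": run_detector(slow, BASELINE, SHIFTED),
    }


if __name__ == "__main__":
    for name, (alarms, final_mean) in compare_rates().items():
        print(f"{name}: {alarms} alarms, profile mean now {final_mean:.1f}")
```

With the fast rate the profile raises one alarm and then absorbs the new behaviour, so its notion of "normal" is now the changed activity: a profile that an intruder's sustained activity can retrain. With the slow rate the profile keeps its original notion of normal and keeps alarming on the change, which is correct for an intrusion but a long run of false alarms if the change is a legitimate shift in the user's work. Neither extreme is right on its own, which is the tension the slide points to.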
Other Security Services
• Scanning
  • Related to ID but intense & limited in time (ID is continuous)
• Multimedia document services
  • Timestamping, tamper-resistance, watermarking, …
• Cryptographic protocol support
  • PKI
  • … etc.
• Each service has its own QoS requirements/tradeoffs

Other Contributions
• CERIAS Outreach
  • Technology transfer to sponsors
  • Workshops and Conferences
  • Continuing Ed offerings
• CERIAS K-12
  • Full-time coordinator
  • Working with State Education Dept.
• CERIAS Archive Delivery
  • Full-time Webmaster
  • Major archive & dissemination