1 / 18

Research in Security and Dependable Computing

Research in Security and Dependable Computing. Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28, 2003. Outline. Background Students and List of Projects Brief Description of Projects Synergistic Activities. Welcome.

erwin
Download Presentation

Research in Security and Dependable Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28, 2003

  2. Outline • Background • Students and List of Projects • Brief Description of Projects • Synergistic Activities CEISARE @

  3. Welcome CEISARE @

  4. Certificate, New courses, Security lab, More funds, Student training 2003 COE, IASP AFRL, Telcordia ?? 2002 Roadmap 2001 CEISARE @

  5. UB’s Center of Excellence (Unofficial) Logo CEISARE @

  6. IA Constituents Law School Computer Science & Eng CSE LAW School of Management Information Assurance SOM Document Analysis & Recognition CEISARE Information Systems Assurance Research and Education MAT CEDAR Mathematics ILPB Lasers, Photonics & Biophotonics CCR Bioinformatics Computational Research CEISARE @

  7. Students • Recently graduated students • Kiran Mantha, MS, 2001 (Deloitte & Touche, NY) • Hugh Wu, Ph.D, 2002 (Faculty, Taiwan) • Neelesh Arora, MS, 2003 (Thomson Financial, NY) • Pradeep Nagaraj (2002), Sajit Balraj (2002), Gaurav Bhargava, 2003, MS (Qualcom, CA) • Current students • Ramkumar Chinchani, MS, 2002 (PhD student) • Suranjan Pramanik (PhD student) • Ashish Garg (PhD student) • Mohit Virendra (PhD student) • Anusha Iyer (PhD student) • Dan Zhao (PhD student) • M. Nair (PhD student) • S. Vidyaraman (PhD student) • Aarthie Muthukrishnan (MS student) • Madhu Chandrasekharan (MS student) CEISARE @

  8. Collaborators • Research • Martin Margala, University of Rochester • P.R. Mukund, RIT • Kevin Kwiat, AFRL • Bharat Jayaraman, CSE, UB • Jim Llinas, IE, UB • H.R. Rao, SOM, UB • Education • Jeannette Neal, ECC • Donna Kaputa, ECC • Marina Cappellino, GCC CEISARE @

  9. Research and Educational Grants • Research Grants • AFRL (2000 – 2004) • NYSTAR (2002 – 2004) • DARPA seedling (2003 – 2004) • NSA/ARDA (2003 – 2005) • AFRL (2003 – 2005), pending final approval • SRC (2003 – 2006) • Educational Grants • DoD/NSA • Students Supported • 7 students as RA and 4 as IA Scholars • 2-4 new positions available CEISARE @

  10. Research Projects • Computer Security • Intrusion detection by encapsulating user’s intent – Concept development, simulation, investigation of scalability (thrust: anomaly detection) • Reasoning about intrusions (thrust: risk analysis) • Building secure enclaves (thrust: graph theory) • Simulation support for IA experiments (thrust: event-based) • Secure voting protocols (thrust: replication and two-phase commit) • Securing documents from Insider Threat – A multi-phase approach (thrust: attack graph, vulnerability analysis) • Event correlation for cyber attack recognition systems (thrust: data fusion) CEISARE @

  11. Research Projects (Contd.) • Distributed Systems • Fault tolerance and security in enterprise servers (thrust: checkpointing and recovery) • VLSI Design and Test • Test scheduling in Systems-on-chips (thrust: algorithms) • Adaptive BIST for complex Systems-on-chip (thrust: built-in current sensors) • Test control architecture for future SOCs using on-chip wireless communication (thrust: on-chip RF nodes) CEISARE @

  12. Where Does Our Security Research Fit In? CEISARE @

  13. Underlying Principles • Use the principle of least privilege to achieve better security • Use mandatory access control wherever appropriate • Data used for intrusion detection should be kept simple and small • Intrusion detection capabilities are enhanced if environment specific factors are taken into account CEISARE @

  14. User Intent Encapsulation CEISARE @

  15. Building Secure Enclaves • Tamper-resistant security monitoring • Available choices • Replication (Chameleon at UIUC)  • Layered Hierarchy (AAFID at Purdue) • Both can be easily compromised • Proposed solution • Circulant graph • Overhead is manageable • There is no mutual trust among the watchers • (Ref: IEEE IWIA 2003) CEISARE @

  16. Securing Documents: A Three-Phase Approach Pre-document Access Phase Insider modeling Policy definition and refinement Mid-document Access Phase Anomaly based monitoring to check user actions Zero-trust self monitoring and logging Post-document Access Phase Forensics Policy refinement CEISARE @

  17. Policy Enforcement • Most systems only log user logins • Not easy to determine which user violated normal document policies • Violators can act without fear of non-repudiable trace-back • How do you handle the problem? • Tie each entity with a digital certificate • Policy enforcement module • Kerberized certificates for authentication and data integrity • Scalability? CEISARE @

  18. Synergistic Activities • Information Assurance Scholarship program • Organized 1st New York State Cyber Security Symposium at Utica, NY, Feb. 2003 jointly with Griffiss Institute, Utica, NY • Planning on a IA Workshop in Buffalo in the area of Secure Knowledge Management CEISARE @

More Related