Emerging NCSA Security R&D NSF CyberSecurity Summit September 28th, 2004

1. Emerging NCSA Security R&D NSF CyberSecurity SummitSeptember 28th, 2004 Von Welchvwelch@ncsa.uiuc.edu

2. About this presentation • Overview of a number of technologies being developed by a number of groups at NCSA • Seeking to find consumers, foster communication and collaboration • Purpose is to give quick overview of each project to spur interest • Please contact myself or project lead/PI listed for a given project for more information NCSA Emerging Security R&D

3. National Center for Advanced Secure Systems Research • ONR-funded multi-organization security R&D center led by NCSA • Partners include University of Illinois at Urbana-Champaign, Battelle Pacific Northwest Division, InfoAssure Inc., the University of Tennessee, and the Naval Postgraduate School • http://www.ncassr.org NCSA Emerging Security R&D

4. ONR-funded Technology Research Education Commercialization Center http://www.trecc.org NSF Middleware Initiative http://www.nsf-middleware.org/ Security R&D Projects NCSA Emerging Security R&D

5. MAIDS: Mining Alarming Incidents in Data Streams • Datamining applied to streams • MAIDS is aimed to: • Discover changes, trends and evolution characteristics in data streams • Construct clusters and classification models from data streams • Explore frequent patterns and similarities among data streams • MAIDS is being applied to NCSA’s network flow data in order to be trained to automatically detect incidents • Contact: Michael Welge welge@ncsa.uiuc.edu NCSA Emerging Security R&D

6. SIFT • Security Incident Fusion Tool (SIFT) • Framework and tools for combination of flow and log data from multiple sources and coherent visualization • Software available from: http://www.ncassr.org/projects/sift/ • Contact: Bill Yurcik (yurcik@ncsa.uiuc.edu) NCSA Emerging Security R&D

7. SELS: A Secure Email List ServiceContact: Himanshu Khurana hkhurana@ncsa.uiuc.edu • Mail List Security • Confidentiality: Solution using proxy encryption techniques whereby the plaintext is not exposed at list server; instead, list server simply transforms encrypted messages • Integrity and authentication: Solution using digital signatures where certificate validation is provided by list server • Anti-spamming: Solution using digital signatures and HMACs where list server discards any message not sent by a valid subscriber • Prototype (Java) • Email client plugins for JavaMail and Eudora currently being developed • Evaluating available list server software for plugin development NCSA Emerging Security R&D Himanshu Khurana

8. MyProxy: Grid Credential Management • Stores Grid X.509 credentials • Retrieval through SASL/PAM allows for authentication via OTP, password, Kerberos • Allows bridging between authentication domains • Contact: Jim Basney (jbasney@ncsa.uiuc.edu) MyProxy OTP, Krb5, Password X.509 Grid Credential NCSA Emerging Security R&D

9. Grid-Shib: Grid-Shibboleth Integration • Integration of Internet2’s Shibboleth with Globus Toolkit • Funded by NSF NMI program • Allow for use of Shibboleth-served attributes in Grid authorization • Allow leveraging of Shibboleth software and deployments to support Grids • Utilizing Web Services security standards (SAML) • Contact: Von Welch (vwelch@ncsa.uiuc.edu) NCSA Emerging Security R&D

10. Other activities • Software-defined radio policy enforcement • Von Welch (vwelch@ncsa.uiuc.edu) • Security Middleware for sensors • Himanshu Khurana (hkurana@ncsa.uiuc.edu) • Secure Grid Laboratory • Testbed for deployment and testing • Randy Butler (rbutler@ncsa.uiuc.edu) NCSA Emerging Security R&D

11. For more information • http://www.ncassr.org • Or contact me for routing • vwelch@ncsa.uiuc.edu NCSA Emerging Security R&D