CS 6393: Cyber Security Models and Systems

Cyber Security Perspective

Ravi Sandhu

Lecture 1Spring 2020

World-Leading Research with Real-World Impact!1

© Ravi Sandhu

World-Leading Research with Real-World Impact!2

© Ravi Sandhu

Cyber Security at UTSA

Human Development

School of Data Science

SciencesBusiness

Engineering

ArtsEducation

…….

Institute for Cyber SecurityCenter for Infrastructure Assurance …

Cyber Center for Security AnalyticsOpen Cloud Institute

National Security Collaboration Center

Human Development

School of Data Science

Cyber OperationsCyber Defense ResearchCyber Defense Education

A strategic priority since 2000

World-Leading Research with Real-World Impact!3

© Ravi Sandhu

ICS & C-SPECC

World-Leading Research with Real-World Impact!4

© Ravi Sandhu

ICS Mission and History

MISSIONSustained excellence in graduate-level sponsored research

2012-2017Graduated to a self-sustaining operation

2007-2012Founded by start-up funding from State of Texas

2017-2022Major expansion by winning NSF C-SPECC grant

In collaboration with:College of EngineeringCollege of BusinessCollege of EducationOpen Cloud InstituteCyber Center for Security & AnalyticsPartnership with 4 NISD High Schools:Harlan, Woodson, Taft, Business Careers

Established world class laboratories for:Secure cloud computing &Malware research

World-Leading Research with Real-World Impact!5

© Ravi Sandhu

Natural vs Cyber Science

Elephant Problem Cyber-Elephant Problem

Applied vs Foundational Science: Cyber-elephants require applied and foundational combined

Present vs Future Focus: Rapidly evolving cyber-elephants require future focus

World-Leading Research with Real-World Impact!6

© Ravi Sandhu

Holistic Cyber Security

PROTECT

DETECT

Complement

How?

POLICY ATTACKS

What? Why?

Enforce

Enable

Defend

Respond

Objectives

Mechanisms

World-Leading Research with Real-World Impact!7

© Ravi Sandhu

Security Objectives

INTEGRITYmodification

AVAILABILITYaccess

CONFIDENTIALITYdisclosure

Control of read and write is fundamental to all three

World-Leading Research with Real-World Impact!8

© Ravi Sandhu

Security Objectives

INTEGRITYmodification

AVAILABILITYaccess

CONFIDENTIALITYdisclosure

USAGEpurpose

Covers privacy and intellectual property

protection

World-Leading Research with Real-World Impact!9

© Ravi Sandhu

Security Objectives

INTEGRITYmodification

AVAILABILITYaccess

CONFIDENTIALITYdisclosure

USAGEpurpose

USAGE

World-Leading Research with Real-World Impact!10

© Ravi Sandhu

Security is Dynamic

“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.”

― Lewis Carroll, Alice in Wonderland

World-Leading Research with Real-World Impact!11

© Ravi Sandhu

Low Assurance Systems

The ATM (Automatic Teller Machine) system is secure enough global in scope Similarly on-line banking e-commerce payments

World-Leading Research with Real-World Impact!12

© Ravi Sandhu

High Assurance Systems

US President’s nuclear football Secret formula for Coca-Cola

World-Leading Research with Real-World Impact!13

© Ravi Sandhu

Cyber SecurityFundamental Limits

Copy control Inference Analog hole Trusting humans vs trusting software Trusted computing base vulnerabilities Side channels and covert channels …………….

World-Leading Research with Real-World Impact!14

© Ravi Sandhu

Cyber Security?

Computer security Information security = Computer security + Communications security

Information assurance Cyber SecurityIncludes cyber physical

World-Leading Research with Real-World Impact!15

© Ravi Sandhu

Cyber Security?

Computer security Information security = Computer security + Communications security

Information assuranceMission assuranceIncludes cyber physical

World-Leading Research with Real-World Impact!16

© Ravi Sandhu

Other Securities?

Data Security Network Security Operating System Security Privacy ………….

World-Leading Research with Real-World Impact!17

© Ravi Sandhu

Privacy vs Security

Security Privacy

Security

Privacy Security =Privacy

Security Privacy

Privacy

Security

World-Leading Research with Real-World Impact!18

© Ravi Sandhu

Privacy vs Security

Security Privacy

Security

Privacy Security =Privacy

Security Privacy

Privacy

Security